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Grand Central Exposes APIs 
In Business Services Network 

Single sign-in simplifies security situations 



BY EDWARD J. CORREIA 

With the release of Business 
Services Network 2005 in late 
October, Grand Central Com- 
munications Inc. has exposed 
all the functionality of its inte- 
gration-as-a-service network, 
following the hugely successful 
example of Web services pio- 
neers such as eBay Inc. and 
Amazon.com. 

eBay currently conducts 
about 1.3 billion auctions per 
year, and according to Ron 
Palmeri, Grand Central's exec- 
utive vice president of product 
and corporate development, 
"35 percent are done through 
their APIs," he said. 

Palmeri said that by expos- 



ing functionality in this way, 
Grand Central is allowing its 
interfaces to be woven into the 
business processes of partners, 
► continued on page 19 




Most integration projects live in a 
'pay and pray' world, says Minor. 



Solaris 10 Free; 
Sun Gets Closer 
To Open Source 

Adds 64-bit x86 compilers, new Java 
tools aimed at better collaboration 



BY YVONNE L. LEE 

Sun Microsystems Inc. an- 
nounced last month that its 
Solaris 10 operating system will 
be free of charge when it is 
released on Jan. 30, 2005. The 
company also announced it will 
release an open-source version 
in the first quarter of next year. 

Comparing Solaris to the 
open-source Linux operating 
system, Sun CEO Scott Mc- 
Nealy said, "The only thing you 
can say is we haven't open- 
sourced it. We will fix that next 
quarter." Details regarding 
such issues as licensing, gover- 
nance and the specific software 
that will be made available still 
were not finalized, however. 

President Jonathan Schwartz 
said offering an open-source 
version of Solaris is intended for 
the academic community and 
other researchers, who would 
innovate on die operating sys- 
tem. In addition, hardware man- 
ufacturers would be able to cre- 



ate drivers more easily. 

The company plans to create 
a community process similar to 
the Java Community Process, 
said Schwartz. Solaris 10 can be 
downloaded now for noncom- 
mercial use. 

Rumors had circulated that 
The SCO Group, which owns at 
least some rights to the Unix 
operating system, might not per- 
mit Sun to release the code to its 
Unix version under an open- 
source license. SCO, however, 
says that is not the case. 

"Sun has the broadest rights 
of any Unix vendor out there," 
said Blake Stowell, a spokesman 
for SCO. Sun has paid more 
than US$100 million over the 
years for those rights, he said. 
"Because they have very broad 
rights, there's a lot of flexibility 
in what they can and can't do." 

In the meantime, Solaris 10 

will include a new version of 

Java Studio Enterprise and new 

► continued on page 19 
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For nearly every organiza- 
tion, for nearly every devel- 
oper, the Web has changed 
everything. The rate of change 
was driven, at first, by the fea- 
tures that Tim Berners-Lee built 
into his early World Wide Web 
model in 1990. But to a greater 
extent, the wide acceptance of 
the broad platform that we all 
use as the modern Web was dri- 
ven by the creation of the World 
Wide Web Consortium in Octo- 
ber 1994, and by the unifying 



INSIDE 



One-Way Links Key to Web 

Give Web Credit For 
Open-Source Explosion 

Web-Based Development: 
A Giant Step Forward, 
Small Steps Back 

Pages 16, 11 

influence that the W3C has 
brought to this nascent paradigm 
over die past decade. 

The Web consists of a num- 
ber of disparate individual 
applications running on the 
Internet, which is itself a num- 
ber of disparate interconnected 
networks. Those applications 
provide a number of services. 
Web applications started as sim- 
ple static pages containing text 
and hyperlinks, delivered by 
TCP/IP-enabled applications 



that could provide those files 
upon a GET request by a Web 
client. The Web, of course, has 
evolved since then in ways that 
nobody would have imagined, 
from embedded graphics, ani- 
mations, client-side scripting, 
server-side scripting, encryp- 
tion, authentication, application 
servers, n-tiered architectures, 
XML-based metadata, SOAP 
calls, Web services and, now, 
service-oriented architectures. 
► continued on page 17 



A PROCESS 
FOR SECURING 
SOFTWARE 

Best practices are a 
must, company says 

BY DAVID RUBINSTEIN 

It takes more than tools and 
tests to secure software from 
vulnerabilities, according to 
Secure Software Inc. It takes a 
process as well. 

The McLean, Va., company, 
founded in July 2001 by securi- 
ty expert John Viega, will 
launch this month a new suite 
of analysis tools built for devel- 
opers, QA testers and auditors. 
► continued on page 19 
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Open-Source Ingres Beginning to Pay Dividends 

FreeBSD r SCO ports join CA's other Linux r Windows editions 



BY EDWARD J. CORREIA 

Computer Associates Interna- 
tional Inc. claims that new clus- 
tering and scalability features 
built into the Nov. 1 release of 
Ingres 3 put its enterprise data- 
base for Linux and Windows on 
a par with Oracle 9i and 
Microsoft SQL Server 2000. 

Perhaps more interesting is 
the opening of Ingres source 
code, a move the company says 
is already starting to bring 
unexpected results from the 
developer community. "We had 
FreeBSD and SCO [ports] 
delivered this week," said 
Emma McGrattan, vice presi- 
dent of development for Ingres, 
speaking in early November. 
"We're also looking at a Mac 
[OS X] port. It's very exciting." 

The source, which is available 
now for Linux and Windows 
editions at ca.com/opensource, 
was originally made available 
to Linux developers in August, 
a move McGrattan said was 
intended to engage the commu- 



nity. "We were looking to inno- 
vate more and to work with 
the open-source community to 
come up with ideas for future 
enhancements . " 

She compared the model 
with that of MySQL AB, whose 
namesake open-source data- 
base is among the world's most 
popular. "MySQL has proven 



there's a demand for an open- 
source database," she said, but 
hastened to point out a key 
pricing difference. "If you make 
money off MySQL, you have to 
pay a license to MySQL. VARs 
don't have to pay a royalty to 
embed Ingres in their applica- 
tion" under CA's trusted open- 
source license. MySQL is 



licensed under the GPL. 

McGrattan said CA, which 
had seen profits from Ingres 
since its acquisition in 1994, 
plans to make up that revenue 
with service offerings. "For peo- 
ple putting the product in a pilot, 
the FastTrack development sup- 
port option costs [US]$250 per 
named user per month," she 



said. Pricing for 24-hour enter- 
prise support starts at $1,995 per 
server processor per year. 

Ingres 3 is available now for 
Linux and Windows, with Solaris 
and HP/UX scheduled for 
release by die end of this year, 
McGrattan said. Editions for 
AIX, Tru64 and HP OpenVMS 
are scheduled for early 2005. 1 



IBM Updates Tools to Build Self-Healing Systems 



BY JENNIFER DEJONG 

Still spreading the word on its 
"self-healing" systems, IBM 
Corp. updated its toolkit 
aimed at developers who want 
to add such smarts to their 
own applications. 

The company in late Octo- 
ber announced Autonomic 
Computing Toolkit 2.0, which 
helps ISVs and corporate 
developers build applications 
that can diagnose and fix prob- 
lems, such as poor perfor- 



mance or server failure, with- 
out human intervention. 

The updated collection of 
tools lets developers build 
applications that manage 
themselves, instead of requir- 
ing IT administrators to inter- 
vene, said IBM's program 
director for autonomic com- 
puting, Adel Fahmy. 

New to the toolkit (www 
.ibm.com/developerworks 
/autonomic/overview.html) is 
support for Eclipse 3.0, as well 



as for the OS/400 and Solaris 
operating systems. 

The previous version, 1.0, 
which was delivered in Febru- 
ary, covered AIX, Linux and 
Windows. 

Among the tools included 
in the kit is an autonomic man- 
agement engine that allows 
developers to specify events, 
such as disk usage, that they 
want to monitor, said Fahmy. 
By building that capability into 
the application, when the 



application is deployed, it can 
determine, for example, that 
disk space is filling up and per- 
formance is slowing down. 

Instead of forcing the IT 
administrator to pinpoint and 
fix the problem, the engine 
analyzes what types of files are 
being generated and elimi- 
nates those, such as old log 
files, that aren't necessary. 
"The goal is to develop ap- 
plications that are more re- 
silient," he said. I 



Enerjy: Test Configurations 
Can Be Changed on the Fly 



BY DAVID RUBINSTEIN 

The ability to change test con- 
figurations on the fly while an 
application is being profiled, 
without restarting the applica- 
tion, is being called a "first of its 
kind" feature by Enerjy Soft- 
ware, which in November 
released Edition 6 of its Java 
code analysis and profiler tools. 
Enerjy is a subsidiary of Team- 
studio Inc. 

Michael Hamilton, the com- 
pany's architect of tools, said the 
new profiling capability built 
into the Enerjy Memory Profiler 
and the Performance Profiler 
lets developers look at different 
parts of the application while it's 
running. "You can refocus the 
attention the profiler is paying to 
the application" with the simple 
click of a button, he said. "Hav- 
ing to restart the app server 
every time you want to look at a 
piece of an application can be a 
pain. Those seconds it takes to 
restart can be excruciating." 

The profilers — there also is a 
Thread Profiler — which can be 
embedded inside a Java IDE, 
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Enerjy Code Analyzer has a new rule priority feature and can be integrat- 
ed into a development environment. 



also now have a status view fea- 
ture, Hamilton added. 

The company's static code 
analysis tool, Code Analyzer, has 
been enhanced with a rules pri- 
ority feature, the ability to filter 
sections of a project from the 
analyzer and integration with 
Apache's Ant build tool. Hamil- 
ton said, 'You can go through a 
configuration and decide, for 



instance, that javadoc errors are 
not as important as eclipsing a 
variable might be." 

Also, the reporting feature 
within Code Analyzer now can 
let users see which rules were 
configured to be tested against, 
which Hamilton said will help 
developers speed up code re- 
views. The tools are available for 
US$295 per tool per developer. I 
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NEW PRODUCTS 




Dralasoft Inc. is offering BPEL Orchestrator, a workflow manager for 
the Business Process Execution Language. Orchestrator, which is an 
add-on to the company's Workflow suite, includes a visual designer 
that can generate WSDL definitions based on process workflow inter- 
action reguirements, a runtime engine and a monitoring system 
. . . Environmental Systems Research Institute Inc. 
(ESRI) is offering ArcGIS Data Interoperability, a new 
extension to its ArcGIS platform that lets geographic 
data be shared in a number of formats, including XML 
. . . BluePhoenix Solutions Ltd. has announced Lan- 
guageMigrator for PowerBuilder, a code converter that translates 
PowerBuilder applications to Java. The software, to be released in May 
2005, uses an open-source library to implement PowerBuilder-specif- 
ic system functions . . . Accelerated Technology is offering Nucleus 
Cipher Suite, a stand-alone application that can be invoked over SSL, 
PPP or SNMP to perform crypto functions for embedded applications. 
Licenses start at US$4,495 . . . DataSource Inc. is shipping its Jetson 
software, which is designed to create J2EE applications without pro- 
gramming. It will build and deploy code for JBoss, BEA's WebLogic and 
IBM's WebSphere application servers. Prices start at US$995 and vary 
according to the number of databases and application servers used. 



UPGRADES 



AppForge Inc. has updated its cross-platform mobile development sys- 
tem. Crossfire 5.5 now can target Palm OS, Symbian and Pocket PC 
using Visual C#. The new version also supports RFID, Pocket PC 2003 
Second Edition, and Windows Mobile Smartphones . . . ActiveState has 
updated its Perl Dev Kit. Version 6.0 adds new graphical user inter- 
faces, shared library options and a dynamic DLL loader; it also adds 
tools for creating MSI installation files. New to version 6.0 is a con- 
verter that translates VBScript into ► continued on page 15 
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License Managers Step Up Piracy Fight 



BY DAVID RUBINSTEIN 

Piracy remains a billion-dollar 
problem for software companies. 
A July study by IDC showed that 
22 percent of the software in use 
in the United States is unli- 
censed. A survey by Ipsos Public 



Affairs released in October 
showed that while 9 in 10 soft- 
ware professionals believe busi- 
nesses can't afford the risk of 
piracy, nearly 1 in 4 of them say 
some of the software in use 
where they work is unlicensed. 



In the past month, four ven- 
dors — Desaware Inc., jProduc- 
tivity LLC, Macrovision Corp. 
and Protexis Inc. — have updat- 
ed or introduced licensing solu- 
tions to help software compa- 
nies combat piracy. 



Version 1.1 of the US$1,495 
Desaware Licensing System, 
for Microsoft's .NET, relies on 
cryptography built into that 
framework to manage the dis- 
tribution of applications, com- 
ponents and Web services, 
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according to Desaware founder 
Dan Appleman. It provides a 
customizable algorithm that 
developers can use to create 
their own system identifiers and 
set priorities, he said, to deter- 
mine if two systems are actually 
the same in terms of activation. 

Also new in this version are 
samples of how to create a sub- 
scription-type model; an obfus- 
cator to prevent reverse-engi- 
neering of code; a new license 
manager application for creat- 
ing keys and managing applica- 
tions; and a US$495 single 
application edition. 

j Productivity recently re- 
leased version 1.2 oi its cus- 
tomizable Protection licensing 
framework to support a variety 
of licensing models, such as 
named user and floating. The 
framework locks the license to a 
network card MAC address, 
which "is the only thing in a sys- 
tem that's truly unique," accord- 
ing to CEO Alex Krivov. The sys- 
tem also offers a grace period 
during which mission-critical 
applications can continue to 
function even drough the origi- 
nal license has expired, he said. 
The standard edition, with no 
floating or named-user models 
or license activation support, 
sells for $299, while a Pro edition 
with those features costs $699. 

Macrovision's Update Ser- 
vice 4, made available in mid- 
November, lets software pub- 
lishers make IT administrators 
aware of updates and patches, 
and to deliver those where they 
need to go. Also, the company 
has updated its FLEXnet utility 
pricing module, which collects 
and processes usage data for 
the publisher, who then can see 
patterns and take advantage of 
potential business opportuni- 
ties in a "pay-as-you-go" model. 

Protexis last month launched 
a suite of three hosted licensing 
modules — for product activa- 
tion and copy protection, pro- 
motional services for registra- 
tion and trial use, and merchant 
services for handling credit- 
card payments, international 
localization, conversion and tax- 
es. "The idea is to help publish- 
ers drive revenue, and you do 
that by leveraging customer 
registration data, by sending 
e-mails to remind users their 
trial is almost up, and by pro- 
viding the services they need to 
transact in an open way, in any 
channel," said Karl Hirsch, 
CEO of Protexis. I 
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Digital Evolution Ships XML VPN Device 



BY YVONNE L. LEE 

Plug it in and have safe, easy 
transport between Web ser- 
vices and business partners. 
That's what Digital Evolution 
Inc. hopes its XML VPN Appli- 
ance will do. 



"The challenge isn't so much 
preventing unauthorized access; 
it's about making it easier for 
people you want to [have] 
access to access it," said Ian 
Goldsmith, vice president oi 
product marketing. 



Using Digital Evolution's 
devices to create a virtual private 
network (VPN) between busi- 
ness partners that are using 
Web services means developers 
don't have to download security 
libraries and create programs for 



authorizing access among the 
partners to the Web services. 

To create a Digital Evolu- 
tion VPN requires using the 
VPN Appliance at the Web ser- 
vices sender's end, along with a 
VPN Controller. A second VPN 
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Appliance at the consumer's 
end is optional, Goldsmith said. 

An average configuration 
will sell for US$75,000. 

The XML VPN Controller 
provides central policy and rights 
management and transaction 
auditing services. It is available 
as a software product for deploy- 
ment by a VPN provider, or as a 
hosted solution. The Controller 
includes delegated management 
and Web services rights provi- 
sioning capabilities. It is the cen- 
tral certificate and key manage- 
ment service for a VPN instance. 
It also acts as the collection point 
for distributed audit data gather- 
ing and reporting. I 

AppSight Looks 
Into Windows 
Through J2EE 

BY YVONNE L. LEE 

J2EE and .NET applications 
have to interoperate, so Identify 
Inc. in November updated its 
AppSight performance moni- 
toring application to work in 
heterogeneous environments. 

"Before, we had a system that 
could look at either a J2EE pure 
environment or a Microsoft envi- 
ronment," said Lori Wizdo, vice 
president of marketing. 

Identify refers to its software 
as "black box" technology 
because just as an airplane's 
flight data recorder collects 
information about a flight to 
decipher what happened follow- 
ing a crash, AppSight is designed 
to collect all data concerning an 
application to provide informa- 
tion about why the application 
failed, Wizdo said. 

Specifically, AppSight 5.5 
uses agent software to log 
events happening throughout 
an application that uses J2EE 
server software and .NET-based 
client software, Wizdo said. 

AppSight is designed to com- 
pete against monitoring pro- 
grams from Mercury Interactive 
Corp. and Wily Technology Inc., 
she said, adding that she 
believed her company's product 
added more integration between 
the two environments. 

"A lot of the bigger players 
have acquired point solutions [for 
the two environments], so the 
integration between those solu- 
tions is still on the road map," she 
said. "It's not in the product yet." 

Full installations of AppSight 
5.5 cost between US$150,000 
and $200,000, she said. I 
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Developers love creating code... 
Managers crave process control.. 
Bridge the gap with Seapine CM. 

Software development is a team ©FFort with developers, testers, 
and manage ment all working toward one goal - delivering the 
highest quality product on time- 



Bui If on award-winning TestTrack Pro and Surround SCM, 
Seapine CM brings structure to source contra! and issue 
management, improving communication while accelerating 
product development. 

Seapine CM helps your team... 

Define custom change requesr workflows, puffing you in control 
of who makes changes and who authorizes the closure of issues. 

Associate source code changes with delects or change requests. 



Gain a thorough understanding of how much work reroc 
before project completion. 

View complete audit trails of what changed, why, and by whom. 

Understand how close you are to release— how many issues are open, 
how quicttty ore you closing them, how many are re-opened? 

Successful team-based development requires the proper process 
supported by the right development tools. Tools that are 
flexible, easy to use, secure, and scalable— like Seapine CM. 
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Software Testing Gets Real at STPcon 



BY YVONNE L. LEE 

The first Software Test & Per- 
formance Conference, pro- 
duced by BZ Media LLC, will 
debut Dec. 7-9 at the Hyatt 
Regency in the Inner Harbor in 
Baltimore. The event brings 
together test/QA experts to 
teach technical classes on the 
latest techniques being used in 
the field. 

BZ Media is the publisher 
of SD Times and Software Test 
& Performance, a magazine 
launched in 2004 that is moving 
to a monthly publishing sched- 



ule beginning in February 2005. 

"This show is for two cate- 
gories of attendees: senior peo- 
ple who manage the QA 
process, and test QA managers 
who want to work better within 
the engineering process," said 
conference director Alan 
Zeichick, who is also editor-in- 
chief of SD Times. 

"The old model that you just 
wrote software and threw it 
over the wall to testing doesn't 
work," he said. 

To that end, the conference 
will feature classes on such top- 



ics as agile processes, model- 
based testing and test-driven 
development. The classes will 
be led by testing practitioners, 
Zeichick emphasized. 

The keynote address, "The 
Ongoing Revolution in Software 
Testing," will be presented Wed- 
nesday at 5 p.m. by Cem Kaner, 
professor of software engineer- 
ing at Florida Institute of Tech- 
nology and director of Florida 
Tech s Center for Software Test- 
ing Education & Research. Kan- 
er is the author of "Lessons 
Learned in Software Testing," 



"Testing Computer Software" 
and "Bad Software: What To Do 
When Software Fails." 

The conference expects to 
draw approximately 400 atten- 
dees, according to Zeichick. 

Tuesday will feature full-day 
tutorials, while Wednesday and 
Thursday will have a series of 
90-minute classes and an exhib- 
it hall. 

Online registration is avail- 
able at www.stpcon.com. The 
conference also will make avail- 
able on-site registration for the 
US$1,195 conference. I 




Kenneth Iverson, Father of APL, Dies 



BY YVONNE L. LEE 

Kenneth Iverson, who received 
the Association of Computing 
Machinery's Turing Award for 
creating the APL programming 
language, died on Oct. 19 fol- 
lowing a stroke. He was 83. 

He suffered the stroke in 
front of his computer at home 
in Toronto on a Saturday 
evening, and died three days 
later. His wife, Jean, and other 



family members were by his 
side, according to his son Eric. 

Iverson received the Turing 
Award in 1979 for creating 
APL. 

He invented APL in 1962 
while he was a stvident at Har- 
vard. It was an interpreted lan- 
guage designed for array pro- 
cessing. 

"Things you would do in C in 
a page of code, you could do in a 



line of APL," said Jim Horning, 
co-chair of the ACM awards 
committee. "It was both a bless- 
ing and a curse. It was a blessing 
because it was so concise and 
powerful. It was a curse because 
if anyone else looked at that line, 
they'd have a devil of a time fig- 
uring out what that did." 

The language also was known 
for the unusual character set it 
required, which was a combina- 



tion of mathematical symbols, 
arrows and special characters. It 
was necessary to use a special 
keyboard to write the code. 

In the 1990s, Iverson and 
Kevin Hui wrote the J program- 
ming language, a language sim- 
ilar to APL that used the stan- 
dard ASCII character set. 

The family has asked that 
memorial donations be sent to 
the bursary fund of the Acade- 
my for Lifelong Learning 
(www.allto.ca), at 59 St. George 
St., Toronto ON, M5S 2E6. I 
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Presenting a FREE Web Seminar 



From File Box to Sarbox 

How a large regional bank transformed its technical operations 
environment to COB IT standards for 0CC and Sarbanes-Oxley compliance 



Speaker: Renee Murphy 

Executive Partner, ControlSource LLC 

Our keynote speaker, Renee Murphy, heads 
up a consulting firm specializing in 
helping businesses streamline their IT 
organizations using best practices and 
effective process management. Before 
starting her own firm, she was VP of a 
regional bank with 53 locations, driving 
the strategic, technical and tactical 
direction of its technical operations. 
Ms. Murphy has a nine-year track record 
of success working in the banking, soft- 
ware, entertainment, retail and services 
i ndustri es . 



Date: Wednesday, December 8 

Time: 10:00 a.m. Pacific 
(1:00 p.m. Eastern) 



Moderator: David Rubinstein 
Editor, SD Times 

David Rubinstein brings 
more than 25 years of 
newspaper experience to 
his role as editor of 
SD Times. He has covered a wide 
range of software development 
issues in his five years at the 
helm, and writes a regular column 
that examines the development 
industry as a whole. 
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Leading charting technology now available for the .NET Compact Framework and Smart Device applications. 



Snrlwjiir f% hn£.in shippinE 
Plnckjfc! Ch.lH FX lb* Ihft 
NET Tfifripiir! Fr^PH^i-nrt rhN 
monlli- Piltort al a rerawiablc 
ilMM fticto Own FX imrtudes 
nvM dw \u\iua k-Muan afiet&d 
in fhc Hill Chsrr CX fcf ,NET, 
k-avin,j{ lkje Lifili, tiwit! that jii 
no* applicable due (ra device ar 
pljitftHin tifniLiiiurts. Itockel 
Chart F\ \b also int-kidcd art m 
CMltt clur^c lu the tull ■. ltwuh 
ui Chart Of ft* .NET, pneed 
j| 12.699, shJI IriLludus. Ludl 
Wlmhws Torms and Web farms 
■unnnj»uliLy. 

*\h.I«« Chinl F* tor .NET ii 

J chjrtiiirt u.MrifK.nu'ril k.u 
•■ i ■<■ I \ <i^*<lii(iinft ^pfJic^tirin^ 
lh.ll eiltind fc'i , iL+-r]ni , iSf 1I.1I.' 

vkunii/^Hftn and .innly^K 
f:.ifwhl1ilipi in nvihilt' iIh'. ih- 
Wl\h VIwhI ^ucIip .NFJ and 
Ourl FJi fffl .Ntl. rK^kipfirt 
r.in quirkk hii Id pnv.rnm 
Hr.iphir.il jpfilicmnns lli.ir 

rnnnrrl k-i iTwinn rndcaF d^lfl 
and iun cxi Sm.iri EJcvlcis. 

■'With F*nr k^i Oari FX 

yttu can expert a 

ccwnporwinl with the 

ri^ht fealure set, 

P*wij^mBEy and memory 

foolprinl ior your 

mobile ^pnlrrattors," 

HjLkLi chjri rx i'o- .sir 
pan-idL-i ii ik>iyn-1iinL'L'\pifiL'TH.e 
jM>»nljlv compiled eqpjnM ihe 
NET rr,inM'w*urt. ihai iric^rnUs 
M'jirnl<">sh. [fltO Vi-u.il stinliii 
.NET rtlluwnfl you lo SPlup 
< h.irl .lHrllniln ,i<ltl prnfiedrt-* 
PhWUv. T"ht* rrHT.ihlpr*1,> Mi-nn- 
ihai titers ,inp (ii> fe.il uw^ ii 1 ihe 
rf^ijpi lirm» v^THnn nf ihp 
i Mill"-.! rh.it v. ill ilrfl [w .Trvjilable 
in iFin nin-limc vefsirm l*rnilffl 
:ri wfjfL in ihti NET CumpMl 
Ff^nwvwirV and hrilli wwmhlip? 
adhere: In <ho "{null h jj:hhJ' 
pnncipJ*' Imr mnhjlrflpplirfltinn5 

As j GDI+ Inlensfcve 
cnrnpoficnl. Chan F\ has been 
lTl", '.'ktpod wilh tLidiiVii^JLli'.fi 
lhaJ help nnprcw.it screen redrjm.- 
This, is puitit-uLuly iftlpuiLiri: 
wficn conT.-Hdering rmATtas 
jppliLjtujnt. whL'iu hifrniirv 
CPU speed. ar*d ^hcr iCHMJn.« 
jil- jI j prunl.ui:i CutlsldunrlH 
■hij >rmill sc«xfi size t^ 
l\jLfejrtFfJi. lliev'w hudf wjrf 

dvirt* di^pkih well m ,1 punriiil 

Mlhv Itl.-iri in ,i i,ir-ilM L i|n.' 



nrirnl.^linn nnd rvrip Iho drmull 
f.h.lrt f- X Cf ik> - p,lfel IP ll.« lw*fl 
*"hi»ngPf.l In imprifYV,ci (npih*|i1y, 

FVihjps ana at Ihc main 
flrivflnrflpr^ Than F \ prmirirs n 
J i •:■■:-! S-H'iil API .1 nil C > > - 1 -. - ■ I 
rondel flcn^F »|l nr mc ptflttivm* 



"lypprirlrrl in Ihrir prndnrl line, 
■nciudlnp .Ntl, COM .irld ].W.1. 
Thisi rrwan';, dc^Tlniwin; cm 
leyerj^ Iticlr knL'nvkHd^e In a 
panirulflr Ch*rt FX prnttud hn 
move frf pHiri jo .iptdicukMi [<:■ a 

i ,n-i|i ; ri ■. ,|,i t . •■!. •-■ | pi. r. in-; 



Atqinn'Pd IfiinaFKT^Tnrinn 
rthlfii lire now pnWtiiilg rirsi- 
^pnenillfir ^lldringn n| I l*rir 
.NET Conipacl Frame\vf>*l( 
pr-ndurr?. Snttwarr F\ has lirrn 
hullfJkiH .irid nfi'iirlriH charting 
CJimpcmcTna irrr .^■liciTJwfrti mrfiflc 



Pr*v™i»mifnn i 5 pmr (ait n rinrjdp 
Wlih fncluif Clurt F* for .NET 
yioiii can pupprr .i rnrripnnrnl 
vvifh the rii£hl icif.ute m, 
pnrtahility and mrmnry innhprint 
mi vrjur tnuhllD applical«ins. 
Visit ii.ih.-Lv.^nltwaccni.ccm I 




prise- Level 
ta Visualization & Analysis 



illi-Platform Extensi!: 

^ufUse PerNirrn 

iistanding Support Scalabil 
int I A PreHv F.i( eJ 



Extensibility 
Perforrnan< 

ScoLihility 



Chart FX 



wwv*,»ftwicefK.«m 



www.surtwa.iTfx .com 



In Ihe US: iBQDl M2^17E - In ihc UK: -4^ iCJ> 1 17 105 87.11 * In Germany: MflO-24 27 P.l-9 



OHM hltfwi I L ^1 Tf ii rr-P--l 

1 I I «i rfU^iHl kJik-IAati II VthUW I I. 



12 



NEWS 



. Software Development Times . December 1, 2004 . 



www.sdtimes.com 



Routing Messages Reliably, Without MOM 



Blue Titan offering supports WS-ReliableMessaginq spec 



BY JENNIFER DEJONG 

What happens when Web ser- 
vices require support for reli- 
able messaging, but the corpo- 



rate network runs over HTTP? 
"You have to buy a message- 
oriented middleware prodvict 
and integrate it with the rest of 



the network," said Chris Schin, company was expected to 

director of product marketing address this problem last month, 

at Blue Titan Soitware Inc. announcing Network Director 

The San Francisco-based RM, which adds support for the 
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WS-ReliableMessaging specifi- 
cation to Network Director, Blue 
Titan's HTTP-based "network 
overlay" for companies that rely 
heavily on Web services. In the 
past, such companies could use 
the HTTP protocol for 80 per- 
cent of their messaging needs. 
But important transactions, 
such as stock trades, required 
message-oriented middleware 
(MOM), said Schin. "What we 
are doing is taking that step away. 
You no longer need to buy and 
integrate a messaging middle- 
ware product in order to support 
reliable messaging." 

Authored by BEA Systems 
Inc., IBM Corp., Microsoft 
Corp. and TIBCO Software Inc., 
the WS-ReliableMessaging spec 
ensures that Web services reach 
their intended destination — only 
once, and in the proper order. 

'SMART' AT NETWORK LAYER 

Made up of SOAP routers, Net- 
work Director RM, and Network 
Director, are designed to trans- 
mit SOAP messages over HTTP. 
But they do more than direct 
traffic; they also provide at the 
network layer Web services man- 
agement features, including per- 
formance monitoring, and sup- 
port for registries and identity 
management. Such capabilities 
are typically provided at the 
client layer, but Blue Titans 
offerings let developers "make 
the service as dumb as they 
want," said Schin. "We will make 
it smart at die network layer." 

According to Schin, Blue 
Titan competes with Actional 
Corp., AmberPoint Inc. and 
Infravio Inc. (for performance 
monitoring), IBM, Sonic Soft- 
ware Corp. and WebMethods 
Inc. (for MOM), Infravio and 
Systinet Corp. (for Web services 
registries) and DataPower Tech- 
nology Inc., Forum Systems 
Inc., Oblix Inc. and Systinet (for 
identity management). 

Network Director RM, which 
starts at US$400,000 for four 
routers (which the company calls 
"control points"), is aimed at 
companies adopting service- 
oriented architecture on a large 
scale. It's used by enterprise 
architects and IT administrators, 
as well as by developers author- 
ing Web services, said Schin. 
They can cut and paste into 
Network Director RM (or its 
predecessor) any Web service 
written to the Web Services 
Description Language standard. 
"Without [support for reliable 
messaging] you can't do the last 
20 percent of an important appli- 
cation" he said. I 
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WS-Discovery Finds Web Services Without the Load of UDDI 



BY YVONNE L. LEE 

A specification aimed at provid- 
ing a way for one Web service 
to inquire about the presence 
of other services that meet 
specified requirements without 
the overhead of Universal 
Description, Discovery and 
Integration (UDDI) is set for 
preliminary testing. 

The specification, called Web 
Services Dynamic Discovery, or 
WS-Discovery, has been avail- 
able since late October on die 
Web sites of the audioring com- 
panies — BEA Systems Inc., 
Canon Inc., Intel Corp., Micro- 
soft Corp. and WebMethods Inc. 
It will undergo its preliminary 
testing workshop at Canon's 
Lake Success, N.Y., headquar- 
ters Dec. 6-7. 

During this workshop, ven- 
dors will implement versions of 
the early specification and see 
how interoperability on various 
Web servers can be attained, 
Astor said. 

"This is not a core spec for 
the development manager of 
the Gap," said WebMethods' 
vice president for standards and 
platform strategies, Andy Astor. 
"This will be important to him 

Allora 4 Works 
Without 



Script 



BY EDWARD J. CORREIA 

Among the major features in 
Allora 4, Hit Software Inc.'s 
relational-to-XML-mapping 
tool released in late October, 
are support for stored proce- 
dures, script-free transforma- 
tions and the ability to generate 
Java code without a Java IDE. 

According to Ale Gicqueau, 
Hit's XML technology evange- 
list, XML documents can now 
be generated from stored proce- 
dures, not just from database 
tables and views as before. The 
new version also can now per- 
form a database table look-up 
during transformations. "This 
allows code to be translated on 
the fly to new values defined in a 
look-up table," he said, a task he 
said required scripting in the 
previous 3.6 version. A new wiz- 
ard-driven code generation tool 
creates executable code for bidi- 
rectional XML-to-RDB trans- 
formations. 

The US$2,990-per-seat tool 
also now includes enhanced 
XML schema support. A deploy- 
ment license costs $3,990 per 
server processor. I 



or her because he or she will 
purchase a product that imple- 
ments it." 

Although WS-Discovery has 
a smaller overhead than specifi- 
cations that require UDDI, 
Astor said he doesn't believe 



that it will replace the Web Ser- 
vices directory specification. 

"UDDI is a technology 
that's here to stay and is going 
to see greater and greater 
acceptance over the next few 
years," he said. 



One advantage of WS-Dis- 
covery is that developers can 
search for another Web service 
and specify its requirements 
directly from within the Web 
service, Astor said. 

Following the workshop at 



Canon, the companies will 
accept discussion and opinion 
on the specification. It will then 
be submitted to a consortium, 
most likely OASIS or WS-I, 
Astor said. This can take from 
"weeks to months," he said. I 
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Easy to Use 
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Easy lo License 



licensing with Ac tiveficpar ts For .NETi'i straightforward and easy lo undcrsUind. 
There Snc no hidden costs, ralTa licensing Fcei. or rrjy^ltres chat god For end 
users. Once you apply the- key received when you purchase, you are Tree to 
create and deploy you. reports as needed. 



Easy to Deploy 
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Jn Erie Globa, Assembly Cache |GAC| 
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But it works on 
my machine. . . 



With Wise it will 
work on theirs too 



What you expect from the Installation authoring experts: 

Create desktop, aei vet W&b and nftnbila insSallalians 
Industry's best .MSl and .NET Framework, support 

Quick-lQ-nsft^lijr JnSH^IIjhnn iyrhfinivg ^nwiri^rtrrtoht 

Support (or advanced technologies: SGL Server, ASF.NET. C#. 
VEl.NET. XML Web services, no touch deployment and more 

What's new - only from Wise: 

Ensure oplimum installalion nekahihly with Wise's installation 

management technology: 

Diagnose end F« potential conflicts before your application's nateaee 
UitdaiilAnd ta*ofry how your application will b* itfteekid by tt^ 

production ^rivinOnrrtoni'6 CCrifaguJihG-n 

Manage the complexity of installalion resources by storing 
components in a cenlraJized teaosrtory - access hit oy a!' 
developers - regajdlesa of location 



Download your irae evaluation at 
http:/Ve^al-jation 5. wise.com :: ■ j 
receive 1he free inetallalion management 
wrurtepapar: *How ta buiid reiiahie 
tnsiaHabans rbr compter enwrDnnteuts." 
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DevTest Combines Test 
Planning, Management 



BY YVONNE L. LEE 

Test management tools need to 
be easier to manage, according 
to TechExcel Inc., so it has 
included planning and schedul- 
ing along with script creation 
and test creation in its DevTest 
tool, released in late October. 

It competes against Mercury 
Interactive Inc.s Test Director 
and Rational Software Corp.'s 
Test Manager, said Jason Ham- 
mon, senior product manager. 

It works on Windows servers 
running IIS, although it sup- 
ports both a stand-alone and 
Web-based client. However, 
the software can integrate with 
automated software testing 
tools that test on Unix or other 
platforms. When DevTest 
works with this software, it 
schedules the tests, but the oth- 
er software performs them, 
Hammon said. 

It performs the customary 
tracking functions oi listing task 
ID, names, the assigned tester, 
platform and status, and keeps 
tabs on how much time it has 



taken to complete the task. 
DevTest also has charting and 
graphing capabilities, which 
Hammon said are useful in plan- 
ning for future test sequences. 

DevTest comes in three fla- 
vors: a stand-alone version, an 
integrated version and a Web 
client. The stand-alone version, 
which starts at US$695 for a 
single user, can plan tests and 
track the progress of tests. The 
integrated version, which starts 
at $890 for a single user version, 



can with the company's Dev- 
Track software search for defect 
names, and can edit informa- 
tion from DevTrack. DevTest 
Web is $2,000. 

In addition to combining the 
various test scheduling and 
recording functions, DevTest 
integrates with TechExcel's 
DevTrack product, so that it 
can automatically generate bug 
reports, which in turn can be 
tracked when the test fails, 
Hammon said. I 
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DevTest includes reports that can be used for further test planning. 




News Brief? 




MORE UPGRADES 



_i_ 



_i_ 



Perl. Pricing for the PDK ranges from 
US$145 to $199.95 . . . Accusoft Inc. has released an upgrade to its 
ImageGear Professional imaging toolkit. Version 14 of the US$3,995 
library introduces the ability to edit Adobe PDF files and use the new 
Captive Image and Scanner Interface Specification, or ISIS-based 
devices. It also works with the TWAIN 1.9 scanner standard. The library 
works with Linux, Mac OS X, Unix and Windows . . . Version 5.5 of 
EiffelStudio, an Eiffel language IDE from Eiffel Software Inc., includes 
a faster compiler, docking facilities for plug-in tools, an improved 
debugger for .NET, and implementation of new features in the Eiffel 
language. The company says that passive support for users new to the 
language is available on its Web site . . . FileMaker Inc. has revised its 
FileMaker Pro 7 and FileMaker Developer 7 database 
tools for Windows and Mac OS X. FileMaker Pro 7 v3 has 
improvements in text editing, layout editing, scripting, cal- 
culations, portals, value lists, import/export, find, spell- 
checking, security and Japanese language functionality. FileMaker 
Developer 7 v3 has changes to the script debugger, text editing, lay- 
out editing, scripting, calculations and portals. 




PEOPLE 



PalmSource Inc. has appointed Jean-Louis Gassee as its 
chairman of the board, replacing Eric Benhamou, who 
resigned in October. Gassee is a general partner with 
Allegis Capital, and is well known as the founder of Be Inc. 
and former executive of Apple Computer Inc. . . . Electric 
Cloud Inc., a company that offers high-speed build 
servers, has promoted co-founder John Graham-Cumming to chief 
scientist; he had been VP of engineering. That post will be filled by 
Anders Wallgren. I 




GASSEE 



Does your Team do more than just track bugs? 



Alesjys Team dues!! Alexia Team 2 is a multt-user Team management system that provides a 
powerful vet easy way to manage alJ the memoes of your team and (heir tasts - including defect 
tracking. Use Team nelu 0111 of the box or tailor it to your needs. 



Download Your - 

Free Trial at nOBrL 

www.alexcorp.cam 



Track all your project tasks in one database so 
you can work together to get projects done. 
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TEAM 2 



Download a free, no obligation trial version at vrww.alexcarp^cam. 
Need mere help, give us a call at 1-BBS-BSG-ALEX (253-9 ). 

•nam 2 warfca *ilh rti Dan mlmilmil GalDbiiM, *hiln r-nnm SQL *orha wtfi MjctokMI SDL and Oracle &h'vbh 
All variianx nl ream 2 wort hi Windows itWS'MEi jr-a YKikuwi *J iraOOTJtt* Ntticipi and lit mini mlimrt bm«i«. 



'-" 'Mln I ■ !■ »i rn*1taR 



I 'H J '•*, I Wrti 1 



■r U. h Fro. »mi- 
4j Ip ■ f 1 r P 




mm 


mdn 


— — — 


- 








■ 








V- -MV 




■-*• 




._■- 


>" ■- - — 1 «imi 


MMt 




- twi« 



















■z 

■ — 






HHI 








■-*« ■— ■ ■ "' — 


m nn 


_ . , 


■ I « * 





16 



NEWS 



. Software Development Times . December 1, 2004 . 



www.sdtimes.com 



Internet Time One-Way Links Were Key to Web 



Dec. 1990 



Tim Berners-Lee demon- 
strates his World Wide Web 
browser and a line mode 
browser, which provide 
access to hypertext files, 
CERNVM "FIND," and 
Internet news articles. 



The number of 

Web servers 

had grown from 

one to 50; term 

"surfing the Internet" is 

coined by Jean Armour Polly. 




Feb. 1993 



NCSA releases first alpha 
version of Marc 
Andreesen's Mosaic for X. 



March 1994 



The National Science 
Foundation rescinds the 
Acceptable Use Policy 
prohibiting commercial 
use of the Internet. 



Oct. 1994 



W3C founded. 



Aug. 1995 






First version of Microsoft's 
Internet Explorer released. 







\n\cmct 



Jan. 1997 



HTML 3.2 recommendation 
released. 



May 1999 



Web Content Accessibility 
Guidelines released. 



Feb. 2000 



Authoring Tool Accessibility 
Guidelines released. 



Dec. 2002 



User Agent Accessibility 
Guidelines released. 



July 2004 



Berners-Lee awarded OBE 
in recognition of the Web's 
influence. 



ii 



The World (world.std.com) 

goes online, becoming the 

first provider of dial-up 

Internet access. 



World Wide Web, HTTP, 

UDIs (now URIs), HTML 

published. 



Three X Window browsers 

and a CERN Mac browser 

become available. 



March 1994 




Andreesen and most 
members of the 
Mosaic develop- 
ment team 
leave to form 
Mosaic Commu- 
nications Corp., 
later Netscape 
Communications Corp. 



Oct. 1996 



First W3C recommendation, 
PNG, established. 



XML recommendation 
released. 



Jan. 2000 



XHTML released. 



Nov. 2000 



DOM level two 
recommendations released. 



June 2003 



SOAP 1.2 released. 



Web Ontology Language 

and RDF for the Semantic 

Web released. 




Berners-Lee's 'Christmas present' unlocked potential 



^^^^n hat started out as an experiment in a 
ft T A T m research lab turned out to be a holiday 
^_^_ present for businesses and everyday peo- 
ple. As the Web moved from the realm of an exper- 
imental network of research institutions to one used 
commercially, rules had to be established so the 
Web wouldn't fragment into multiple mini-Webs. 

Hypertext had existed for decades, but with previ- 
ous systems the links had to be bidirectional, requir- 
ing permission from both parties, said World Wide 
Web Consortium (W3C) spokeswoman Janet Daly. 
World Wide Web creator Tim Berners-Lee had the 
bright idea of creating a system diat could link any 
item on the Internet by naming it. On Dec. 25, 1990, 
Bemers-Lee demonstrated his system, which consist- 
ed of HTML, die HTTP transport and UBIs. In addi- 
tion, he demonstrated his own server and browser. 

"Tim's twist on hypertext systems was to allow 
one-way," said Daly. "It was absolute heresy to 
hypertext programmers in 1990." 

The specifications for this system of free linking 
were made public in early 1991. The freely available 
specifications, together with the National Science 



Foundations rescinding its policy oi prohibiting 
commercial use of the Internet, spurred interest in 
the Web, Daly said. However, with the commercial 
interest came fragmentation. "Netscape or the pre- 
decessor of Netscape, NCSA Labs, started intro- 
ducing custom tags with their browser," Daly said. 

"Vendors were taking Tim's original HTML and 
making it better in their own eyes," said Steve 
Bratt, the W3C's chief operating officer. 

The World Wide Web Consortium tried to lay 
out Web specifications and to ensure that there 
would be a single unfragmented Web, said Daly. 

"The goal was to make sure they all followed and 
interpreted the standard," she said. One caveat 
about the W3C's specifications, called recommen- 
dations, is that they are just that, pointed out Mol- 
ly Holzschlag, member of the Web Standards Pro- 
ject, an advocacy group that attempts to encourage 
W3C compliance by browser makers. "ISO, for 
example, is a standards organization with a full 
compliance set that if not met, well, products don't 
ship, period," she said. "With a true standard, com- 
pliance is mandatory." On the other hand, vendors 



Credit Web for Open-Source Explosion 

Standard network eased collaboration, fueled its own growth 



"'ST^ithout the Web, open-source develop- 
ment could not have become nearly as 



M—k Jb widespread it is today. And vice versa. 

Think about it. The first public release of the 
open-source Apache server in April 1995 was 
deemed a huge success, and is by far the dominant 
HTTP server on the Web, according Netcraft Ltd., 
which tracks Internet infrastructure. Open source 
powers the Web; the Web fuels open source. 

According to one of Apache's pioneers, Brian 
Behlendorf, the Web might be quite different 
today had it not been for the open-source efforts of 
a small team about 10 years ago. "Like gravity and 
the Big Bang — I don't know that one could have 
succeeded without the other." Behlendorf is 
founder and CTO of collaborative software solu- 
tions vendor CollabNet Inc. 

Behlendorf was among the original eight devel- 
opers that built Apache, which started as a collection 
of patches and bug fixes for HTTP daemon 1.3, 
developed by the National Center for Supercomput- 
ing Applications (NCSA), at die University of Illinois. 
In February 1995, httpd was world's most popular 
server; a year later, that spot belonged to Apache. 

"The idealistic notion was to create a reference 
implementation of the [Internet Engineering Task 
Force's] HTTP spec that would be available to 
everyone, even Microsoft or Netscape," he said. 
The belief was that if a high-performance refer- 
ence implementation was available, there would be 
no excuse not to comply with the HTTP protocol, 
he said, "because most of the excuses of noncom- 
pliance to standards usually involve difficult or 
impracticality of development or time constraints." 

And Behlendorf said that from a practical stand- 
point, the presence of a standard also guarantees a 
level playing field. "Most importantly, there isn't a 



single entity that owns the client and the sever." 

Behlendorf said that prior to the Web, open- 
source developer collaboration was done through 
e-mail. "As the Apache group got under way, we set 
up a CVS tree, which gave us a repository for source 
code and acted as a time machine to allow us to roll 
back changes and see who made what changes." 

Next came a Web-based bug database, which he 
said effectively tracked open issues and kept the 
team focused on what needed to be done next. 
"That mentality, the collection of tools and making 
them work well together [became] the premise 
for CollabNet," Behlendorf said, of the company 
he founded in 1999. 

Also founded that year was SourceForge.com, 
an open-source repository and developer collabo- 
ration site now owned by VA Software Corp. The 
site, which currently boasts more than 90,000 pro- 
jects, offers free hosting and advanced features on 
a monthly or annual subscription basis. 

Jan Liband, director of software marketing at 
VA, recalls software development before the Inter- 
net. "Back then you had sneakernet. Now someone 
at any moment can go into a central repository and 
check in, check out, see how popular something is, 
who's working on it, and contribute thoughts, ideas 
or move the project along. You couldn't have done 
that without a network." 

In those early days, he said, software projects 
were frequently scattered across many different 
areas. "Early computer hobbyists shared code with 
tapes and punch cards. If you wanted to recruit 
experts, you had to go to 24 different places." 

Liband agreed that the success of open-source 
and the Web are intimately intertwined. "They 
grew together and provided synergies to each oth- 
er; you couldn't have one without the other." I 



www.sdtimes.com 



. Software Development Times . December 1, 2004 . 



NEWS 



17 



can choose to ignore a W3C recommendation, 
which will lead to incompatibilities. 

"The other things that got W3C started 
were Tim wanted to have a meeting place that 
would have the same functions as the IETF. As 
the IETF serves the Internet, the W3C serves 
the Web," said the W3C's Daly. 

While most noted for laying out the HTML- 
and XML- related specifications, the W3C 
actually released the portable network graphics 
(PNG) specification first, in October 1996, 
three months ahead of the first stable HTML 
release, HTML 3.2, Bratt said. 

The other surprise most people discover is 
how quickly XML followed the HTML releas- 
es, said Bratt. 

"People think about XML coming out way 
after HTML, but the first XML was 1998," he 
said. Bratt called XML the W3C s most impor- 
tant specification for business applications. 

Bratt cited the W3C's accessibility initia- 
tives as being as important as the technical 
standards because they make Web pages open 
not only to users with different kinds of needs, 
but also to different kinds of devices. 

Down the road, Bratt said he believes rec- 
ommendations for mobile Web applications and 
for the Semantic Web are in the vanguard. 

The Mobile Web recommendations deal 
with how devices can relay information about 
their capabilities, such as screen size, the kinds 
of audio they can accept and the kinds of user 
input devices attached. 

"This is something that seems to be a 
growth area now," said Bratt. "I think Japan 
and Europe are ahead. Probably North Ameri- 
ca may be in third place. What's lacking is glob- 
al standards." 

The Semantic Web, the group's most recent 
venture, seeks to overlay the current Web with 
information about the meaning of data con- 
tained on a page. 

"You can imagine in the Semantic Web 
building new tools to browse the Web, to add 
semantics, to add workflows," Bratt said. I 
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Web-Based Development: 

A Giant Step Forward, Small Steps Back 

New technologies emerge; old ones are new again 




01most no one saw it coming: how the World Wide 
Web, which appeared on the scene as a giant, online 
information source with a universal front end, 
would turn enterprise application development on its head. 

"In the early days, developers were dismissive of the 
Web," said Tim O'Beilly, founder and CEO of computer 
book publisher O'Beilly Media Inc., in Sebastopol, Calif. 
To many, the Web's arrival was like the introduction of the 
PC. "It looked like a toy. But in reality it was a whole new 
paradigm." 

A decade after its 1994 debut, the Web has not only 
emerged as the programming platform of choice, but also 
as a central integration hub 
from which to connect to 
widely dispersed data and 
applications, virtually none of 
which was designed with the 
Web in mind. "Most people 
didn't see even a small por- 
tion of the possibilities to 
come," said former Novell 
Inc. CEO Bob Frankenberg, now chairman of tools maker 
Kinzan Inc., in Carlsbad, Calif. "Initially, [the Web] was a 
means of giving lots of people access to information — very 
little else." 

The Web's transformation from online resource to inte- 
gration platform owes its success to a host of new and old 
technologies and a willingness on the part of key technolo- 
gy vendors to commit to a common set of standards. Led 
by the W3C, vendors committed to moving things forward 
in a pragmatic way, recalled IBM Corp.'s Bob Sutor, direc- 
tor of WebSphere foundation software. "There was one 
breakthrough after another, each building on top of the 
other," he said, noting the arrival of HTML and HTTP (in 
1994), XML (in 1997) and SOAP and Web services (in 
2000). "It's remarkable the progress that has been made." 

TWO STEPS BACKWARD 

The move to Web-based application development also 
entailed some steps backward. "A lot of programmers 
didn't like the browser," said Frankenberg. "They had got- 
ten used to fat clients." 

The browser took application development three steps 
forward in terms of accessibility, and two steps backward in 
terms of usability, added Bandy Heffner, an analyst at For- 
rester Besearch Inc. 



'Most people didn't see 
even a small portion of 
the possibilities to come.' 



—Bob Frankenberg, 
chairman of Kinzan Inc. 



Tim Huckaby, CEO and co-founder of .NET consulting 
firm InterKnowlogy LLC, in Carlsbad, Calif, said, "We are 
just now beginning to talk seriously about smart Web 
clients," as well as developing tools that overcome the lim- 
itations of technologies such as HTML. "Many of the 
coolest productivity features in Visual Studio 2005 are 
around automating HTML," he noted. 

Web development has also brought to fruition tech- 
nologies that have been long talked about but not widely 
adopted. Sophisticated Web applications forced the use of 
middleware, making three-tier development a reality, not 
just something client/server developers building large 

applications grappled with, 
said Gary Barnett, an analyst 
at London-based Ovum Ltd. 
The application server 
greatly simplified the task of 
creating the middle tier and 
linking to databases and 
back-end applications essen- 
tial to completing transac- 
tions. But until the past two or three years, many e-business 
efforts weren't actually automated, he said. "Users filled in 
Web forms, which were e-mailed to people who rekeyed 
the information into back-end systems." 

True integration — the ability to take Web apps and fuse 
them with other applications and businesses without get- 
ting people involved — is "distinct from any enterprise 
development we've seen before," noted Microsoft Corp.'s 
Scott Guthrie, a product manager for ASP.NET "To a tra- 
ditional client/server developer, who built Win 32 apps that 
talked to a database, that ability to hop from app to app is 
remarkable." 

Web development — and its current emphasis on Web 
services and service-oriented architecture (SOA) — has also 
re-ignited a longstanding discussion about software reuse. 
"The ability to create reusable components, and place the 
application logic above them, has evolved [the Web] to way 
more than just an integration platform," said Novell's 
Frankenberg. 

Going forward, the next phase is about putting in place 
the technologies and standards that will ensure the Web 
applications are secure and reliable enough to carry out 
business without human intervention, said IBM's Sutor. 
"When a Web app is moving $10,000 between accounts, 
you need to know that it got there." I 



Ten Years of the World Wide Web 



-< continued from page 1 

None of this would have been possible without 
standards. None of this would have been possible 
without those standards being driven by a vendor-neu- 
tral organization. And none of this would have been 
possible if companies like IBM or Microsoft had had 
ownership or control over the emergence of those 
Web standards, or if any commercial entity had been 
able to levy royalties or transactions fees. With the 
Web, interoperability has always been the name of the 
game. Without interoperability, the Web revolution 
wouldn't have happened. 

That's not to say that the revolution has been an unal- 



loyed success, even on the Web. While many companies 
use the Web to reach out to employees, customers, part- 
ners and suppliers, other people use the Web for less 
charitable ends. Clever coders have learned to exploit 
standards to hack into Web sites, or to use compromised 
Web sites to hack into end users' PCs. Because the Web 
has become prevalent, it has entered the domain of con- 
sumer electronics — but without the simplicity and relia- 
bility that the broad market requires. Clearly, there's 
much more work to be done. 

And more work is being done, most of which impacts 
developers and is being impacted by developers. The 
Web affects everything. The software we write uses the 



Web to enable new applications or integrate old ones. 
We use the Web to write software collaboratively. We do 
business on the Web. The Web is even largely responsi- 
ble for the modern success of open-source software, 
enabling projects to be launched, developers to con- 
tribute to them, and for source code and binaries to be 
distributed. 

The Web, of course, is only one of many applications 
that run across the Internet. Many Internet users start- 
ed with e-mail or telnet; even today, many other services 
like instant messaging and videoconferencing are non- 
Web applications that use the Internet. But it's the Web, 
standardized by the W3C, that fueled the dot-com boom 
and which continues to fuel the revolution. 

All that in 10 years of the W3C. It's been quite a 
decade. We can't wait to see what comes next. I 
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Secure Software Stresses Best Practices 



4 continued from page 1 

Two products, CodeAssure 
Workbench and CodeAssure 
Integrator, will be available by 
Dec. 15, according to Dale 
Gardner, director of product 
marketing. CodeAssure Auditor 
and CodeAssure Management 
Center are expected to be 
released in the first part of next 
year, he added. 

But according to Viega, a key 
feature that separates the suite 
from other security analysis 
tools is the inclusion of a set of 
process components that make 
up the company's Comprehen- 
sive Lightweight Applica- 
tion Security Process 
(CLASP), designed to 
identify and formalize the 
best practices organizations 
can use to provide value 
from a security standpoint. 
When the process is com- 
pleted, Viega said it will be 
released to the industry; he 
hopes that it will be adopt- 
ed as the de facto standard 
best practices for eliminat- 
ing security vulnerabilities 
in applications. 

CLASP is being created 
to help organizations 
define what needs to be 



security. It also divides up the 
security work based on roles 
within the development and 
deployment life cycle, helping 
to ease implementation of these 
practices without forcing orga- 
nizations to change the way 
they work, Gardner said. 

On the tool side, CodeAs- 
sure Workbench is being 
released as an Eclipse plug-in 
for now, Gardner said, to ana- 
lyze C, C++ and Java code, with 
additional language support 
expected in next year's 2.0 
release. According to Viega, the 
tool takes source code or a bina- 
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Source: Secure Software Inc. 
Secure Software hopes its analysis method will 
done to ensure application become an industry standard. 



ry module and translates it to 
create a language-neutral mod- 
el, with all the functions, con- 
trol flows and variables. Then a 
control-flow analysis of the pro- 
gram is performed, looking for 
such things as buffer overflows, 
the order of standard API calls, 
and about 40 other broad classi- 
fications of vulnerabilities. 

Viega added that when 
doing a risk analysis, CodeAs- 
sure tools can differentiate 
between buffer overflow types, 
for example, with a Security 
Adviser feature built into the 
interface. An outgrowth of 
CLASP, Security Adviser 
explains the error found in 
code and offers recom- 
mendations for fixing it, as 
well as helping the team 
determine the severity of 
the problem. "If it comes 
from the network, it's seri- 
ous," he said. "If it's an 
internal overflow, it's prob- 
ably not a security breach." 
This helps teams prioritize 
repair work. 

CodeAssure Auditor is 
used to look at binary pro- 
grams such as Windows 
executables, while Manage- 
ment Center provides 
Web-based access to met- 



rics across an entire organization 
as well as some reference infor- 
mation, Gardner explained. 
"Applications can be monitored 
over time, to see if things get 
better or worse, and that infor- 
mation can be used to define 
security policies," he said. 

CodeAssure Integrator inte- 
grates the analysis engine into 



build systems and test tools for 
building a test environment, 
while a language pack provides 
a language parser, translation 
and knowledge base support. 
The suite is sold on a per-seat 
basis, according to Gardner, 
who said a typical installation 
runs between US$50,000 and 
$100,000. I 



Solaris 10 to Be Set Free 



< continued from page 1 

compilers. 

Java Studio Enterprise 7 
includes integrated collabora- 
tion so that developers can send 
instant messages to one another 
when they have questions as 
they are building their projects, 
said Joe Keller, vice president 
of marketing for Java Web ser- 
vices and tools. 

"As we see groups are 
becoming more and more geo- 
graphically dispersed, you have 
more and more workgroups that 
need to interact," he said. Keller 
described the new collaboration 
as "instant messaging and chat 
capabilities in a code-aware 
way," such that all parties see not 
only the messages, but the same 
lines of code simultaneously. 



Java Studio Enterprise 7 also 
adds UML tools and perfor- 
mance monitoring. 

Sun's tools cost either US$5 
per employee per year or 
$1,895 for a flat perpetual seat 
license. 

In addition to the updated 
version of Java Studio Enter- 
prise, Sun is shipping new C, 
C++ and Fortran compilers that 
have been optimized for AMD's 
64-bit Opteron processors. 

"These optimizers rival any in 
the industry, including those 
from the chip makers them- 
selves," said Keller. "If you're 
using an open-source compiler, 
you're paying a huge tax, you're 
wasting almost half your 
machine. I call it the gcc tax. We 
have a tax break for you." I 



Grand Central Exposes APIs of Its Web-Based Integration Network 



•< continued from page 1 

customers and suppliers. 
"Now, anything you can do 
through [our tools], you can 
also now do through our APIs 
and access the full capabilities 
of our infrastructure through 
Web services." 

Grand Central's uncommon 
business model offers compa- 
nies the infrastructure to inte- 
grate with customers and ven- 
dors on a pay-as-you-go basis; 
there are no upfront costs. 
"We live in a pay-and-pray 
world," asserted CEO Halsey 
Minor. "Organizations pay 
huge amounts of money for 
hardware and software and 
hope at some point in the 
future to recoup that in some 
form oi benefit." But the sad 
reality, he said, is that most 
software projects end in fail- 
ure. "And the more expensive 
they are, the more likely they 
are to fail." 

Free Grand Central tools 
include Process Designer, a 
browser-based design tool — 
enhanced and renamed in ver- 



sion 2005 — for building 
integrations between a 
company's applications 
and those of its partners, 
or modifying those for 
ADP, SalesForce.com, 
Yahoo and dozens oi oth- 
er EBP, CBM, finance, 
human resources and e- 
commerce end points. 
"You only start paying 
when you start generat- 
ing transactions and 
you become successful," 
Minor said. "That's the 
end-state of a normal 
hardware-software de- 
ployment in an enter- 
prise, but the beginning- 
state of our platform." If 
a company's transaction 
payload remains less than 
25MB per month, the service 
remains free. Beyond that, first- 
tier pricing starts at US$1,000 
per month. 

Another significant advance 
in 2005, according to Palmeri, 
is an enhanced LDAP directory 
service with federated identity 
management, which Palmeri 
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Grand Central's drag-and-drop integration tool is built by DreamFactory Software Inc. 



said greatly simplifies authenti- 
cation management. "Today the 
developer is required to man- 
age all of the user credentials 
and authentication methods 
and protocols on a point-to- 
point basis. [Our service] deals 
with the nuances of how the 
end point itself operates," he 



said, so that from the develop- 
er's perspective, all end points 
look the same. 

The service also now 
includes integrated error han- 
dling, with consistent error 
definitions across all connec- 
tors. "Now it's a standard 
aspect of how connectors work 



and all error handling is 
built-in." Prior to this, 
Palmeri said developers 
were forced to write ad 
hoc error handling into 
their own code. "This 
takes a huge percentage 
of the grunt work [out] 
of connecting to an end 
point; it strips away all 
the authentication and 
error handling and pro- 
vides that as part of the 
service." 

The directoiy also 
permits companies de- 
veloping connectors to 
share them more easily 
with other Grand Cen- 
tral users. "eBay, Pay- 
Pal or SalesForce.com 
developers can build 
something and advertise it 
broadly for others to use and 
consume," Palmeri said. Com- 
panies also have the option to 
keep their connectors private, 
such as a link between their 
human resources department 
and payroll administrator 
ADP, he added. I 
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Green Hills Seeks to Protect Linux, Windows 



BY ALAN ZEICHICK 

SANTA BARBARA, CALIF. — 
At its second annual technology 
conference here, Green Hills 
Software Inc. unveiled Integrity 
PC, an add-on to its Integrity 
real-time operating system that 
can run other operating sys- 
tems, such as Linux or Win- 
dows. The benefit of this wrap- 
ping process, according to the 
company, is to minimize the 
damage caused by rogue appli- 
cations or hack attacks against 
those operating systems. 

The Embedded Software 
Summit, a press-and-analyst 
event produced by Green Hills, 
was a venue for the company to 
bash competing operating sys- 
tems, specifically embedded 
Linux, Microsoft's Windows and 
Wind Rivers VxWorks, and also 
the Eclipse 3.0 integrated 
development environment, on a 
wide range of themes, ranging 
from performance and reliabili- 
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Integrity PC adds security to a guest operating system by restricting I/O. 



ty to ease of use. The company 
also used the venue to promote 
its own products, particularly 
the Integrity RTOS and Multi 
integrated development envi- 
ronment, and to announce 
Integrity PC. 

Integrity PC is a separation 
layer that emulates the hardware 
platforms I/O devices and iso- 
lates the "guest" operating sys- 
tem, according to Mike Wolf, 
Green Hills' general manager for 
advanced products. The guest 
operating system runs as an 



application above that abstrac- 
tion layer; the company demon- 
strated Linux ru nnin g on a Pow- 
erPC board while introducing 
Integrity PC, but Wolf said that 
other operating systems, includ- 
ing Windows and VxWorks, can 
also be run as guests on top of 
Integrity PC. 

Guest operating systems are 
protected, Wolf said, by restrict- 
ing I/O. For example, the under- 
lying Integrity RTOS could be 
configured to act as a network 
firewall, allowing the guest oper- 



ating system to communicate 
only with specific IP addresses or 
over specified TCP ports. That 
would limit the possibility that 
the guest operating system could 
be attacked by other machines 
across the network — or that if it 
were attacked, it would be able 
to then attack other systems 
beyond those it was already 
allowed to access. 

Wolf claimed that this 
approach is better than config- 
uring a network firewall func- 
tion within Linux or Windows 
itself, because an internal fire- 
wall might be bypassed or cor- 
rupted by an attack. 

More than a firewall, the 
underlying Integrity RTOS 
could also restrict other I/O 
channels, such as disk access, 
according to whatever policies 
a company's developers cared 
to implement. Development 
licenses for Integrity PC cost 
US$15,000, and there are no 



royalties for deployment. 

What's more, if the guest 
operating system crashes, the 
underlying Integrity RTOS 
remains running. A watchdog 
can detect if the guest crashes 
and reboot it, or logs can be used 
to analyze the failure. The com- 
pany demonstrated that even if 
Linux, running on top of Integri- 
ty PC, hangs, Green Hills' Multi 
debugger can be used to identify 
what happened in real time. 

According to Wolf, Green 
Hills developed Integrity PC to 
meet a specific requirement for 
one of its customers, Boeing. 
But Wolf made no attempt to 
hide that the company's real goal 
isn't to support other embedded 
operating systems, but to 
encourage its customers to 
migrate from them to Integrity. 
"If it's a mission-critical applica- 
tion that you're running on Lin- 
ux or Windows, then shame on 
you," he declared. I 



ObjectFX Puts J2ME on the Map 

SpatialFX adds location-based intelligence to mobile apps 



BY EDWARD J. CORREIA 

If a picture is worth a thousand 
words, how many lines of code 
would that be? Helping answer 
that question is ObjectFX 
Corp., maker of SpatialFX, a 
set of Java class libraries that it 
claims enable developers to 
add location-based visualiza- 
tions and data to enterprise 
applications. 

The company in late Octo- 
ber released SpatialFX Micro 
Edition, bringing the same 
functionality to handheld com- 
puters and other resource-con- 
strained devices. 

CEO Barry Glick explained 
that his company's tools could 
be used to improve the efficien- 
cy of applications running in a 
trucking company, which might 
have many different types of 
vehicles with varying capacities 
and material-handling capabili- 
ties. "Plus, each customer 
might have their own windows 
of opportunity for drop-off 
based on business needs. It 
becomes critical to have the 
power of location be harnessed 
for addressing decision-making, 
increasing efficiency and reduc- 
ing cost," he said. 

SpatialFX tracks assets in 
the field using input from GPS 
systems or cellular networks 
and feeds that data back to 



enterprise applications. "Now 
an enterprise can integrate 
location information into a 
whole range of business appli- 
cations, for managing assets and 
people that may be mobile, and 
dealing with customers in dif- 
ferent locations," Glick said. 

The SpatialFX Micro Edi- 
tion libraries cost US$4,000, 
and include maps that can be 
integrated as a visualization 
component inside apps and add 
spatial attributes. A small per- 
device license charge also 



applies, with monthly, annual or 
perpetual fee schedules, all vol- 
ume-dependent. 

Glick said that SpatialFX 
competes with ERSI, a giant in 
the geographic information sys- 
tems market, as well as with 
Microsoft's MapPoint.NET ser- 
vice, despite what he said are 
extreme differences between 
the two. "We offer a product to 
developers; MapPoint.NET is a 
service that can be used to get 
locations, maps and routes as a 
Web service on demand. 



They're really attacking more of 
MapQuest's market than an 
integrated enterprise market." 

Available now, SpatialFX 
Micro Edition can work in 
client/server or Web-based 
application environments, or can 
be used to develop stand-alone 
applications for handheld com- 
puters and other occasionally 
connected mobile devices that 
can be synchronized with a back- 
end system when necessary. 

Glick said that aside from 
requisite memory, which varies 




Map data helps applications be 
more efficient, says ObjectFX. 

by application, the only device 
requirement is a JVM, but added 
that GPS capability is helpful. I 



To Trolltech, Qtopia Is a Single Input Stack 



BY EDWARD J. CORREIA 

While it might seem perfectly 
natural for a cell-phone user to 
alternate between touch-screen 
and keypad for input, combin- 
ing the two interfaces program- 
matically is actually quite diffi- 
cult to achieve. 

So says Trolltech AS, which 
claims to have done just that 
with Qtopia 2.1, the latest ver- 
sion of its graphical user inter- 
face environment for Linux- 
based cell phones and handheld 
computers, released on Nov. 9. 

"Symbian Series 60 phones 
use a button-based user inter- 
face," said Haavard Nord, Troll- 
tech's CEO, speaking of a com- 



petitive operating system used in 
many smart phones. "But if 
[Symbian developers] want a 
pen-based interface, they nor- 
mally go to UIQ," another soft- 
ware stack and API that creates 
applications not compatible with 
Series 60. "Porting is required 
between Series 60 and UIQ." 

In addition to the obvious 
advantage of simplicity when 
combining multiple capabilities 
into a single API, Nord said it 
gives developers the ability to 
create a single binary applica- 
tion that can run on devices that 
use either keypad, touch-screen 
or both. "It was quite a tricky 
thing to do, [but] we've been 



able to combine them into one 
stack. This also makes it easier 
[for users] to get third-party 
applications for a device." 

Qtopia 2.1 can now perform 
handwriting recognition in any 
part of the screen, rather than 
being restricted to a dedicated 
region. "This makes the device 
more usable," he claimed. "For 
example, just by starting to input 
the first couple of letters of a 
contact, it lets the user look up 
[the contact] much faster." 

Royalties for Qtopia 2.1 
range between US$2 and less 
than $1, depending on volume. 
And thanks to some code tuning, 
Qtopia now installs in about 



5MB of flash, which Nord said is 
down from 5.5MB of the previ- 
ous version. "This makes it pos- 
sible to put Linux and Qtopia on 
a phone with 8MB flash memo- 
ry using very inexpensive hard- 
ware, and still leaves another 
1MB for apps, and 1MB to spare 
for user data." 

The software also now sup- 
ports MMS, over-the-air config- 
uration, GPRS networking and 
the ability to use UI themes, the 
latter of which enhances what 
Nord claimed is another of its 
key competitive advantages over 
Palm OS, Symbian OS and 
Microsoft's Mobile operating 
systems. "We allow the develop- 
er to completely rewrite the user 
interface. Established platforms 
do not offer that freedom." I 
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These days, just about all applica- 
tions need to pull data from mul- 
tiple sources, and do it quickly, to 
complete transactions or deliver 
up meaningful, usable informa- 
tion. For companies that conduct busi- 
ness online, performance pressure is 
especially intense. 

Consider Ameritrade Inc., which pro- 
vides online brokerage products and ser- 
vices for self-directed investors: Clients 
are guaranteed that a marketable order 
will get done in five seconds or less. The 
volume can be staggering: as many as 
350,000 trades per day, requiring well 
over a million transactions to complete. 

Plus, this transaction demand does not 
flow steadily. "A significant amount arrives 
at market open and market close," said 
Ameritrade chief information officer Asiff 
Hirji. "It's very, very spiked and peaky." 

eToys Direct Inc. (which operates 
etoys.com) contends with a different kind 
of peak: the Christmas season, when vol- 
ume jumps 10- to 20-fold from other times 
of the year. During the holiday season, 
noted Web services director Mick Lester, 
the firm's Web site handles as many as 5.2 
million page requests per day, which can 
peak at 210,000 page requests per hour. 

So how do developers build 
cost-effective systems and data- 
bases that can maintain exacting 
performance levels and very fast 
response times while contending 
with huge peaks in (ever-grow- 
ing) transaction volumes? 

It begins with the architecture. 
"If you are dealing with high-vol- 
ume, high-transaction-flow systems," 
said Hirji, "one of your starting premises 
has to be that a lot of this must be done 
without ever touching the database." 

For Mike Kirschner, vice president of 
IT business services at Office Depot 
Inc., performance is best achieved via a 



service-oriented architecture (SOA). 
"By that I mean loosely coupled systems 
based on open standards — discreet com- 
ponents or services rather than mono- 
lithic applications," he explained. 

HORIZONTAL SCALABILITY 

Ameritrade, too, is service-oriented; 
applications are distributed over "hun- 
dreds and hundreds of servers," said Hir- 
ji. "To scale those applications, you simply 
add more servers." Developers no longer 
need to think about how much hardware 
is needed to deploy an application. 

This approach presents some chal- 
lenges, however: how to distribute trans- 
action flow across various servers, how 
to know which server is handling which 
transaction, how to spot when there's a 
problem with a server. Ameritrade has 
found several solutions: 

Communicating asynchronously. 
"Design so that a module sends the mes- 
sage but keeps working, aware that it's 
still waiting for a response and able to 
react if it doesn't get a response after a 
certain amount of time," said Hirji. 

Leveraging guaranteed message- 
delivery capabilities in development 
platforms like JBoss. The runtime envi- 



'The need to scale is ingrained 

in everything we do, from technology 

to people.' 



—Chris Cummings, chief information officer 
at eToys Direct Inc. 



ronment will guarantee that if one mod- 
ule sends a message to another, it will be 
received, so developers don't have to 
write all that messaging control logic and 
can focus on the application logic instead. 
Deploying a publish-Iistener (also 
called publish/subscribe) structure for 



much cross-module communication. 

"For instance," Hirji said, "we have a piece 
of code whose sole job is to do nothing but 
receive quotes from the marketplace for 
all securities and broadcast these internal- 
ly to our transaction processing modules. 
Each module listens, but it only listens for 
die pieces of data that it's actually interest- 
ed in at that moment." 

There are a couple of other things to 
watch out for as well. 

"You need a high level of skills in the 
folks designing your services," said Office 
Depot's Kirschner. "You must get diose 
services defined correctly because they all 
have to work together. Instead of building 
one large application, you're building a 
hundred small, flexible and extendable 
applications and trying to string them all 
together — it's more complex and your 
design must be better upfront." 

He also warns about the need for a 
more granular approach to monitoring 
transactions. "In the past," he said, 
"you'd look at just one monolithic appli- 
cation and ask, What's my response 
time?' Now, you're looking at a hundred 
little components and asking, What's my 
response time with each one of those?' " 

GOING STATELESS 

"If everything is stateless," said 
Kirschner, "load can be spread 
across anywhere from two to 
2,000 servers. When a developer 
writes a stateless component, he 
doesn't care if it's for two or 
2,000 — it's not his problem. Cre- 
ating the necessary server farm is 
a problem for the operations people." 

This, he said, enables him to leave 
database scaling to the vendors (his firm 
uses DB2, SQL Server and Oracle, 
among others), who are regularly adding 
features and capabilities like clustering, 
workload management and database par- 



titioning. "I'm finding if I do my applica- 
tions correctly and stay with a good 
proven vendor, the database layer kind of 
takes care of itself as long as I'm doing the 
basics — getting indexes on tables, opti- 
mizing my SQL statements, having data- 
base administrators that know how to put 
the databases onto physical devices." 

At Ameritrade, there's less reliance 
on database vendors. "We're one of the 
few in the industry that owns and builds 
the platform from end to end," said Hir- 
ji. "None of our clients come to us 
because we use Oracle or DB2. They 
come for our proprietary systems and 
software. So it's up to us to make sure 
the application is efficient as possible." 

How? "We try to do away with the 
database," Hirji explained, "and get to 
the point where, for interim state transi- 
tions, the transaction flow is actually 
stateless — so if the thing crashes, it can 
actually recover fairly quickly." 

Thus Ameritrade avoids the perfor- 
mance penalty resulting from putting 
interim state transitions of the transac- 
tions into the database. Instead, the inter- 
im state transitions are stored in physical 
memory on the server and committed to 
the database only when the transaction is 
complete. 

The result, Hirji said, is reduced 
latency and higher throughput. "You're 
basically optimizing for the server and 
the processor that you've got, as 
opposed to the database," he said. Addi- 
tionally, he said, it's easier to recover 
from failure, and costs are lower thanks 
to more modest database investments. 

Ameritrade is migrating much of its 
database infrastructure to open source. 
"For a lot of things we do," said Hirji, 
"we don't need some of the bells and 
whistles that come with today's databas- 
es" such as DB2 and Oracle. 

► continued on page 24 
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Best Practices for High-Transaction Environments 



BY SUSAN MESSENHEIMER 

Here are some best practices gleaned 
from Ameritrade Inc., Auctiondrop Inc., 
eToys Direct Inc., Mobliss Inc. and 
Office Depot Inc.: 

Hire the right people. Auctiondrop 
CTO Andy Jeffrey said the right people 
are key to building quality systems. 
"We've hired people who have experi- 
ence with high-volume, high-transaction 
systems for large retailers or secure 
transactional systems for financial ser- 
vices companies." 

Design for high availability. "This 



means that for each component you 
need at least two servers that can be 
included and removed from the applica- 
tion flow at will," said John Avery, CTO 
at Mobliss. "So the process is: Direct all 
traffic to server 1, update server 2, point 
all traffic to server 2, update server 1, 
direct traffic to both 1 and 2." 

At Auctiondrop, separation of func- 
tionality helps. "When we add function- 
ality to our processing center, it's not 
going to impact our customer-facing 
stuff and vice versa," Jeffrey explained. 
"For the customer-facing stuff, we typi- 



cally do a live upgrade that won't impact 
the customer because well segment sys- 
tems so that some are still running the 
old stuff as we add new stuff to what's 
offline, then bring what's offline back 
online and take off the other systems." 

Build in the ability to shut down 
gracefully. "If you don't consider this 
early in the design, it's easy to paint 
yourself into a corner," said Avery. "Just 
killing the process is not the best 
approach. Applications need to make 
sure that intermediate queues are emp- 
tied or persisted before shutdown." 



Angels in the Architecture 



4 continued from page 23 

Office Depot's Kirschner said he tries 
to leverage open standards and open- 
source products as much as possible, 
though he warned that it's important to 
make sure there's adequate support. 

DRAWN TO SCALE 

"The need to scale is ingrained in every- 
thing we do, from technology to people," 
said Chris Cummings, eToys Directs 
chief information officer. "We think about 
doing everything in really, really large vol- 
umes. Not just the Web site, but also the 
order management system, the financial 
system, the warehouse management sys- 
tem, the customer service system." 

Techniques used in support of scala- 
bility include: 

Caching, to reduce hits to the data- 
base. "We use BlueCoat edge cache 
servers that do caching of HTML pages 
based on the URL, and Akamai serves 
up all our image requests," said Cum- 
mings. "This is probably the single 
biggest factor in our ability to scale 
because when [the holiday] season hits, 
the number of searches goes up dramat- 
ically, and most page requests are 
cacheable. We also do distributed 
caching, more for performance than 
scalability." 

Auctiondrop Inc., which helps con- 
sumers sell goods on eBay, also relies on 
caching. "There are many different types 
of caching that we'll do," explained Andy 
Jeffrey, chief technology officer and co- 
founder. To sustain an ability to process 
tens of thousands of queries and transac- 
tions per day, Auctiondrop uses data 
caching, bringing content into memory 
and keeping it there to reduce database 
hits. The company also uses rich content 
caching, which puts into memory not 
only images and text that are often used 
and little changed, but also more com- 
plex user interface elements — so these 
don't need to be rebuilt. 

Database connection pooling, to 
control the number of database connec- 
tions that are active at one time. During 
its 1999 start-up, eToys Direct struggled 




with connections to its database. "It's 
easy to throw Web servers out there," 
said Cummings, "but when each of those 
servers needs to connect to the database, 
and the number of database processes 
starts exceeding a thousand or so on a 
server, you run out oi memory and you 
go into a major tailspin." 

The solution? "Reliable, scalable data- 
base connection pooling," he said. "We 
solved that in our custom Web server envi- 
ronment by deploying a custom Java data- 
base connection-pooling 
application on our applica- 
tion server layer. We can 
scale to thousands and 
thousands of Web server 
client processes, and those 
processes can share a more 
limited number of data- 
base connections." 

Load testing, to ensure systems can 
handle the peaks. "A critical part of 
being ready for the volume growth is to 
test in advance that we can really handle 
it," Cummings said. "So we use an exter- 
nal vendor, Keynote, to stress our sys- 
tems. Our goal is to stress them to rough- 
ly double what our highest projected 
sales plan is, to make sure that we're 
ready for pretty much anything. It's 
essential that we prove our performance 
capability before peak season, including 
integration points between systems — 
every integration has to be tested for per- 
formance. If we don't and something 
happens during peak, you can't deal with 
it because the volume never slows down 
enough to get your head above water." 

DEALING WITH THE DATABASE 

Large, monolithic databases make people 
like Cummings nervous. "We've broken 
the database out and partitioned it into 
different application uses," he said. 
"We've got one primary transaction data- 
base that takes care of shopping carts and 
checkout on the Web site; we have anoth- 
er that handles customer service activities, 
and we've got a couple of lighter-weight 
database boxes that handle query-only 
product requests." 



eToys has also moved to smaller hard- 
ware, although it still uses a large Sun 
6500 server. "We had big boxes at one 
stage," said Lester, "and we decided to go 
more with the small pizza boxes — 
Apache, Linux. If one dies it's not the end 
of the world, whereas if you're relying on 
a big box and it fails, you've potentially 
lost a third of your architecture." 

Auctiondrop's Jeffrey added: "We've 
separated our database into customer- 
facing, transaction-processing systems — 



'Now that you have the best 
database in the world, the 
next rule is: Use it as little 
as possible.' 

—John Avery, chief technology 
officer at Mobliss Inc. 



you separate those wherever possible so 
you can keep the transaction processing 
very lean and mean and very fast — and 
back-end reporting and analytic systems, 
which are offloaded onto another system. 
In effect, we've fine-tuned that customer 
system to be sort of a racecar database." 

Jeffrey acknowledged that this ap- 
proach adds some overhead, since it 
requires applications to locate needed 
data and make sure it's in the appropriate 
place at the appropriate time. "But you 
solve those issues once," he said, "and 
then you have the luxury of saying, 'Ah, 
we can keep what die customer needs 
over on the customer side and we can 
keep what back-end processing needs on 
the processing side.' " 

Mobliss Inc., a provider of mobile 
media and marketing services, receives 
thousands of text messages per second. 
Chief technology officer John Avery has a 
rule of thumb for keeping tilings hum- 
ming: "Spend most of your money and 
resources on your database solution — 
hardware, software and talent. No matter 
what else you do, the database will always 
be the critical component in your system. 
Now that you have the best database in 
the world, the next rule is: Use it as little 
as possible." I 



Use small, reliable, highly inter- 
changeable modules. "When some- 
thing works, use it wherever you can," 
Avery advised. "Only create a new mod- 
ule if the currently available ones can't 
meet your need, especially when it 
comes to tool components." 

Avoid/reduce interdependencies. 
"Software should isolate critical func- 
tionality," Avery said. Developers need 
to consider reducing interlibrary (jar 
file) dependencies, and whether prob- 
lems in the logging/monitoring system 
could or should bring down the whole 
application. They also should consider 
such things as intermediate queues, if 
certain modules can occasionally have 
long response times. 

Keep your software lean. "The rea- 
son all the pipes and electrical conduits 
are visible in the hallways of a battleship 
but not a cruise ship is to facilitate easy 
monitoring and repair, even while under 
attack," Aveiy said. When it comes to 
software, this means reducing the num- 
ber of wrapper classes and layers of APIs. 
"Code," said Avery, "should be thin and in 
your face." Beware of wrapper applica- 
tion programming interfaces (APIs) that 
hide layers where problems may lurk. 

Employ stored procedures judi- 
ciously. "It's possible today to build 
almost any application completely inside 
the database with stored procedures," 
Avery said, "but my experience is that 
doing so is generally a mistake." Why? 
Because when your database maxes out, 
everything suifers, he explained. 
Instead, Avery advised scaling horizon- 
tally by adding application servers. 

Yet stored procedures have their place. 
"There are great performance economies 
that you get by doing some things in 
stored procedures," Auctiondrop's Jeffrey 
pointed out. "You need to think through it 
before you just say, 'This goes in the data- 
base tier and this goes in the app tier.' " 

Tune, tune and tune again. "We're 
constantly investing effort in perfor- 
mance tuning the Web servers and app 
servers," said eToys Direct CIO Chris 
Cummings. "And we make sure our 
database server is highly tuned from a 
physical database standpoint, a file sys- 
tem layout standpoint and a query per- 
formance standpoint." 

Use a buddy system. At Ameri- 
trade, programmers are paired: One 
person has primary responsibility for 
writing the code, the other is the sound- 
ing board and sanity checker. "What 
that creates," said Ameritrade CIO Asiff 
Hirji, "is a lot better code." 

Tighten the development loop. 
"Our typical project is somewhere 
between six and 10 weeks long," said Hir- 
ji. "We don't do multimonth, multiyear 
tilings because we're convinced everyone 
is useless at estimating in technology. 
There are just too many unknowns." I 
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EDITORIAL 

Sun s Critical Launch 

On Nov. 15, Sun formally launched Solaris 10, the next 
version of its Unix-based operating system. The 
launch caps the company's whirlwind evolution: 

There's the new OS itself, which is the company's first 
to target the new 64-bit x86 platform pioneered by 
AMD's Opteron chips, but now also embraced by Intel's 
latest Xeon processors. 

There's Sun's aggressive pricing for its server and desk- 
top software, as well as for its development tools. 

There's the company's price-driven hardware strategy, 
claiming to beat Dell's prices for low-end rack-mount 
commodity servers, including auctions of servers on eBay. 

There's its continued investment in desktop applica- 
tions running atop a Linux stack. 

There's the continued push into embedded markets, 
such as smart phones and RFID. 

There's the newly updated development tools suite 
based on its NetBeans open-source project. 

It all adds up to an ambitious sweep that is reminiscent 
only of one other company — Microsoft. The comparison 
is a natural one: Both companies own their own operating 
systems, both own their own managed runtime environ- 
ment, and both own their own tools platforms. And both 
management teams are seemingly only interested in par- 
ticipating in multivendor industry initiatives if they can 
control the process and the results. 

There's a big difference, of course: Microsoft is finan- 
cially healthy, able to support its many initiatives with 
ease. Sun is not. Microsoft is immensely profitable, awash 
in an ocean of cash, and has a market cap of US$325 bil- 
lion. By contrast, Sun continues to lose money, albeit at a 
slower pace than before, and its market cap has shrunk to 
US$16 billion. The company is placing many bets, and it's 
unclear how long it can continue to invest aggressively in 
so many initiatives. 

Given the number of projects under way at Sun, it's 
easy to overlook the importance of Solaris. No other oper- 
ating system can span the company's entire range of hard- 
ware, particularly its high-margin enterprise server. Thus, 
for Sun to continue pushing its big boxes, developers and 
systems administrators must embrace (or continue to 
embrace) Solaris. 

Sun certainly has given customers good reason to use 
its operating system. The company has built nearly every 
conceivable high-availability feature into Solaris 10, 
focusing on stability for both the underlying infrastruc- 
ture and its applications. The new version continues a 
strong focus on security, including mainframe-like secure 
containers that isolate individual programs. 

To go back to the previous comparison: While 
Microsoft clearly is the stronger company, Sun's platform 
holds the trump cards in regard to scalability and securi- 
ty. With Redmond's next server operating system years in 
the future, the Solaris 10 launch gives Sun its best chance 
to attempt to regain lost ground and revitalize its faltering 
fortunes. 

Sun's leaders, Scott McNealy and Jonathan Schwartz, 
need to play those valuable cards extremely carefully 
over the next several months. The Solaris 10 launch 
gives them a rare opportunity to turn their company 
around. 

Sun may not get another chance. I 



Tying the Art to Its Business 



If you are in business today, 
you are in software. Regard- 
less of whether you're in con- 
sumer goods, health care, phar- 
ma, telco or defense, you're in 
software. If you turn off the 
bits, you turn off the lights. 
Therefore, the worlds leading 
organizations, regardless of 
industry, are seeing the need to 
"get good at software." They are 
focused on driving business 
benefit from soitware, through- 
out their organizations, and 
right to the bottom line. 

Soitware engineering, the 
process by which software is 
built, is more closely connected 
with business success and com- 
petitive differentiation than ever 
before. As businesses and devel- 
opment organizations strive to 
align software with business 
objectives, they are also strug- 
gling to squeeze more value 
from their existing IT invest- 
ments to drop to their bottom 
line. Business leaders are relying 
on tiieir IT staff to create the 
right infrastructure that will not 
only save money, but will allow 
them to better serve customers, 
protect assets and position them- 
selves to take advantage of "the 
next big tiring." 

So software engineers are in 
die enviable position of control- 
ling tiieir own destiny, and drat 
of their companies, right? 

Not so fast. While it is true 
that software creators are god- 
like in their ability to turn bits 
into business applications, they 
unfortunately are forced to 
practice their craft within the 
confines of a development 
process that is subject to signifi- 
cant external forces that severe- 
ly threaten their success and 
overall value to the organiza- 
tion. Today's software engineers 
are often doomed for failure 
before they even start a project 
due to a software delivery 
process clogged by ever-chang- 
ing business requirements, con- 
flicting priorities and poor pro- 
ject management. It is a process 
crippled by a lack of visibility 
into and across projects and a 
minimal understanding of the 
development process by opera- 
tional managers. 

A recent report by The Stan- 
dish Group provides a glimpse 
as to just how inefficient today's 
software delivery process is. It 
found that nearly one-third (30 
percent) of all software projects 
are canceled prior to comple- 
tion. Of those projects that are 



completed, more than half (54 
percent) exceed budget, 90 
percent are delivered late, and 
two-thirds are considered 
unsuccessful, even though they 
met the functional business 
requirements. 

Imagine if similar statistics 
were attributed to 
an automobile manu- 
facturer or home 
builder. We'd all still 
be traveling by horse- 
drawn carriage and 
living in tents. No 
need to worry, it is 
only our global econ- 
omy's infrastructure 
that we're attempting 
to build. 

Success in software delivery 
has become an art form, mas- 
tered only by the very skilled and 
experienced software managers 
and developers. In most compa- 
nies, development teams are 
working against all odds, in a 
never-ending battle against 
schedule and budget constraints. 

Business leaders turn to 
their software experts to solve 
the most pressing business 
problems but often don't arm 
them with the guidance, 
resources or tools they need for 
success. 

TIME FOR CHANGE 

To overcome these challenges, it 
is necessary to transform the 
very way many software develop- 
ment organizations operate. The 
time has come for die software 
development process to be 
transformed from its current 
chaotic art form into a managed 
business process; turning the 
lens on the art itself so software 
experts can do unto their own 
delivery process what they have 
so eloquently done for manufac- 
turing, human resources, cus- 
tomer relationships, procure- 
ment, finance and IT operations 
over the past 20 years. The soft- 
ware engineering discipline is a 
great example of the "Cobblers 
Children." We have worked our 
magic to solve die problems of 
others, but haven't done enough 
to help ourselves. 

I've held many of die roles 
widiin die development process, 
from business analyst to develop- 
er to vice president of applica- 
tion development to heading up 
a company's product portfolio. 
From this experience, I can see 
firsthand the challenges that our 
discipline faces. Most companies 
today are hindered by gaps 




between organizations, by 
gaps between the roles in the 
development process, a serious 
lack of communication between 
stakeholders, and increasing 
platform complexity. 

The gaps between organiza- 
tions and roles in the software 
delivery process are 
the primary reason 
behind today's lack 
of IT and business 
alignment. Often, 
this lack of alignment 
causes different 
teams to have unco- 
ordinated and often 
conflicting priorities 
and objectives. It can 
also result in a re- 
duced level of visibility, commu- 
nication and collaboration be- 
tween teams and individuals, 
which leads to suboptimal execu- 
tion. The recent increase in out- 
sourcing and off-shoring only 
serves to amplify the problems 
created by these gaps. 

Add to this the heteroge- 
neous environment inherent to 
almost all enterprises. The num- 
ber and complexity of today's 
technical platforms continues to 
have major impact on schedule, 
quality and cost. Existing tools 
do not sufficiently shield devel- 
opers from die extreme level of 
complexity exposed by these 
technical platforms, and conse- 
quently it is often difficult to 
find, fund and train the skills 
necessary for successfully deliv- 
ering todays composite business 
applications. 

Software teams can no longer 
work in silos. They have to more 
effectively communicate with 
the various lines of business they 
serve, as well as with the opera- 
tions team. A great piece of soft- 
ware is only great if (a) it's used, 
and (b) it delivers value back to 
the business. 

Software managers and deci- 
sion makers need to find a way to 
gain a more significant level of 
visibility into their software port- 
folio and increase control over 
execution. This is true at die 
macro level (i.e., what project 
should get funded and why), 
right down to the micro level 
(i.e., what cost/impact will this 
one little change make to die 
overall cost/schedule/quality of 
die project and is it worth it?). 
Finally software teams must 
effectively handle increasingly 
complex distributed platforms 
that are the foundation for enter- 
prise computing. And it's only 



www.sdtimes.com 



. Software Development Times . December 1, 2004 . 



OPINION 



27 



going to get more complex. 

What is the role for software 
engineers in all this? To unleash 
the power of software creators, 
we must first debunk three 
myths that plague software 
development today: 

Myth No. 1: Software devel- 
opment is a mature engineering 
discipline, on par with mechan- 
ical and civil engineering. 

Reality: Software develop- 
ment is still evolving and still 
seeking to match the precision, 
predictability and measurability 
of its kin, 

Myth No. 2: Software devel- 
opment is only about the bits. 

Reality: No developer wants 
to work on a project that does 
not add value to the organiza- 
tion. They must be the right bits, 
or else what's the point? 

Myth No. 3: Software devel- 
opment is unique unto itself, dif- 
ferent from all other managed 
business processes. 

Reality: Software develop- 
ment is unique but also remark- 
ably similar to other complex 
business processes, such as 
manufacturing — disciplines 
that have created processes and 
tools to increase predictability 
and success. 

Software engineers must be 
vigilant in making software 
delivery a core competency of 
their organizations. Those that 
do will be rewarded through 
their ability to identify and cap- 
ture opportunities ahead of 
competitors, shorten produc- 
tion cycles, decrease project 
risk and cost, and increase the 
overall quality and business val- 
ue. Only by tying the art to the 
business it serves, will the soft- 
ware engineering discipline get 
the credit it deserves. I 

Boz Elloy is senior vice presi- 
dent of products for Borland 
Software Corp. 
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IE TOO ROOTED IN OS 

In responding to Jeff Dunte- 
manns "By Invitation" piece in 
the Nov. 1 issue ["The Lessons 
of Software Monoculture," page 
28, or at www.sdtimes.com 
/opinions/guestview_113.htm], 
where should I start? 

For starters, the failings in 
IE stem mainly from the fact 
that Microsoft has always val- 
ued features over security. Ser- 
vice packs don't sell, new OS 
and application versions and 
upgrades do. 

Another reason is that to 
thwart the efforts of legislation 
and the DOJ, Microsoft has 
rooted IE so deep and in such 
complexity into the OS to intro- 
duce all kinds of security haz- 
ards. It has become a fibrillose 
cancer extending its shoots to 
numerous parts of the OS. 
What kind of methodology 
favors this over modularity? 

Shouldn't a user application 
such as this be more isolated 
from the OS? And shall we talk 
about the notoriously danger- 
ous ActiveX technology? How 
comfortable are you with giving 
some component free rein, 
even if it seems to be from a 
trusted source? 

Saying that IE is a victim of 
its own success disregards the 
fact that the Apache Web serv- 
er has some 66 percent market 
share and has a much better 
track record than Microsoft's 
offering, IIS. 

Ii, on the other hand, 
monoculture is the main fac- 
tor, I expect to see dual-plat- 
form worms that infect IE and 
Firefox interchangeably, as 
well as Linux. 

Bvit I'm not holding my 
breath. 

Laurent Somers 



As both a Windows and Linux 
administrator and a former 
Microsoft contractor, I found 
Jeff Duntemann's argument 
appealing. I also found it to be 
dangerously reassuring to the 
Windows Administrators in 
the crowd. 

JD asserted that the vulnera- 
bility in IE is due to its market 
share: The biggest target takes 
the most hits. That's true as far 
as it goes. But even if Mozilla 
had a 90 percent market share, it 
wouldn't be half the security risk 
that IE is. That's because Moz is 
an application. IE isn't. It's part 
of the Windows kernel. When 
Microsoft built IE into the ker- 
nel to realize the performance 
benefits that the user communi- 
ty demanded, it recklessly 
opened the largest single securi- 
ty hole in computing history. 

The fundamental issue that 
Jeff failed to address is as follows: 
In Linux or OSX or any other 
OS, when your browser has a 
bug, you patch the browser. With 
IE, you have to patch your whole 
operating system, which turns 
every "buffer overflow exploit" 
into a stampede to resecure your 
enterprise. For a home user this 
is maddening and annoying. For 
the business community, with 
potentially tens of thousands of 
desktops, laptops and servers to 
patch, it becomes intolerable. 

C/C++ aren't going away 
soon: They're too good at what 
they do. Mature operating sys- 
tems understand the bifurca- 
tion of kernel space and user 
space. My most cherished wish 
is that my former employer 
would "get the memo" on this 
issue before their empire is 
irreversibly eroded by their 
competition. 

R. Marshall Webber 



SIMPLIFIED APIs 

Disclaimer: I am owner of a 
small consulting company that 
works closely with Microsoft. I 
am biased. 

I really wonder how 
Andrew Binstock got the 
impression that APIs will be 
"changed" with future releases 
of the Windows system, result- 
ing in a massive effort to 
rewrite existing solutions 
["The Faithful Spouse," Nov. 
1, page 33, or at www.sdtimes 
.com/cols/integrationwatch 
_113.htm]. Current plans only 
call for tire introduction of new 
APIs, while still supporting cur- 
rent technologies. 

I personally think that the 
sole addition of new — and pos- 
sibly simplified — APIs is actual- 
ly a good thing, and Mr. Bin- 
stock used to share the same 
opinion a year ago when he 
called for new and simplified 
APIs in J3EE: www.sdtimes 
.com/cols/integrationwatch_089 
.htm. 

In general, it seems to me 
that Mr. Binstock had some 
kind of personal agenda when 
writing the Integration Watch 
column for the current issue as 
it is hardly supported by facts. 

Ingo Rammer 

WHAT DO YOU THINK? 

SD Times welcomes feedback. 
Letters should include the 
writer's name, company affili- 
ation and contact information. 
Letters become the property 
of BZ Media and may be edit- 
ed for space and style. 

Send your thoughts to 
feedback@bzmedia.com, or fax 
to +1-631-421-4045. Please 
mark all correspondence as 
Letters to the Editor. 



How Much Will Your Company Invest 
In Customer Relations? 
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Enterprise developers building software for 
their companies' sales departments might soon 
be getting a pay raise. According to the report 
"ERP in Small and Midsize Businesses," pub- 
lished by Aberdeen Group in August, customer 
relationship management will represent the 
largest spending area for applications by small 
businesses in the next two years. 

Driven by the need to reduce operating costs, 
the overriding strategy shown by the midmarket 
enterprise has been toward attaining and keep- 
ing customers, the study found, and investments 
in CRM solutions will be critical to that effort. 

The study, which included 232 companies 



with annual earnings of up to US$500 million, 
showed that about 60 percent plan to increase 
CRM spending over the next 24 months, and 
nearly a guarter plan to devote what the study 
called significantly more of their income to the 
tools; spending amounts were not specified. 
Only 3 percent plan to decrease CRM spending 
from levels of previous years. 

Interestingly, the study showed that only 
about 10 percent of small companies develop 
their own CRM solutions. Of the remainder, 29 
percent, by far the largest segment, use 
Microsoft products, including that provided with 
its Axapta ERP tool. 
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OSGi: Java's Client-Side Container 



Eclipse 3.0 contains an important 
architectural innovation that distin- 
guishes it from previous releases: the 
use of a standardized Java plug-in frame- 
work, called OSGi. Before getting into 
what it is and why its important, let's 
examine the reasons Eclipse architects 
made this change to begin with. 

As many of you know, the Eclipse 
IDE is a Java framework into which dif- 
ferent components plugged. The unit- 
testing functions, the debugger, the code 
editor are all modules that plug into the 
Eclipse backplane. 

Prior to version 3.0, Eclipse plug-ins 
used a proprietary interface to commu- 
nicate with the framework. This 
approach had several shortcomings. The 
first was that Eclipse plug-in require- 
ments were yet another plug-in specifi- 
cation. They were conceptually no dif- 
ferent from those of a dozen other tools, 
but because their syntax was specific to 
Eclipse, they imposed on vendors a one- 
off implementation. The second limita- 
tion was that the plug-ins required the 
Eclipse environment to be restarted to 
load a new module. 

With the advent of release 3.0, the 
Eclipse designers decided to solve both 
problems by adopting the Open Services 
Gateway Initiative (or OSGi) Reference 



Integration Watch 



platform plug-in architecture. 

OSGi (www.osgi.org) is the brainchild 
of a group of vendors who wanted to stan- 
dardize the way services would be provid- 
ed to home devices. They first convened 
in 1999 and a year later released a draft 
of the specification they were pursuing. 
Their initial design provided a standard- 
ized way for set-top devices 
(like TV cable boxes and 
DSL modems) to be extend- 
ed by discovering, loading 
and using new components. A 
year or so later, the consor- 
tium released an API for Java, 
the language on which the 
consortium standardized. 

In March 2003, the 
third — and latest — version of 
the OSGi Reference Platform 
was released. In the process, it provided 
all the services needed by a desktop 
plug-in environment such as an IDE, 
and so Eclipse was quick to adopt it. 

A good way to view OSGi is as a con- 
tainer of sorts into which the functionali- 
ty of plug-ins can be loaded as JAR files. 
The framework loads the code, which is 
called a bundle in OSGi parlance, 
enforces the security and other measures 
specified, then starts up the functionality 
specified in the bundle. When the code 




has completed, OSGi makes sure the 
bundle is closed down correctly and that 
the appropriate resources are returned to 
the system — in this case, the JVM. 

If this sounds a lot like an EJB con- 
tainer with a client-side dimension, 
you're on the right track. However, 
OSGi lacks — and for this we bow in 
thanks — the sprawling com- 
plexity of J2EE and EJBs. 

The OSGi model has four 
central pieces in addition to 
the modules themselves. The 
first piece is the execution 
environment that is inside 
the JVM. It is downward scal- 
able enough that it can fit in 
a smart phone and robust 
enough to reside on a full 
enterprise server. 
The next step is the modules layer, 
which handles the context in which bun- 
dles execute. Among the many things 
it does, it provides modules with their 
own classpath. As Java developers know, 
there is normally a single classpath that 
contains all the classes and resources. 
The modules layer adds private classes 
for a module (without placing them on 
the classpath where they could be 
accessed by other applications). It also 
controls linking between modules. 



A life-cycle layer handles the manage- 
ment of modules, such as the loading, 
running and retiring of individual bun- 
dles. Bundles all have a common starting 
point (the equivalent of main() in Java 
and C++) from which other classes can 
then be loaded. This design, which is sub- 
stantially different from the EJB compo- 
nent model, enables an orderly start, exe- 
cution and termination to a bundle. 

The final aspect of OSGi is a service 
registry. In a dynamic plug-in environ- 
ment, it is folly to operate with the expec- 
tation that needed services are active. 
The service registry enables a bundle to 
inquire what services are available and 
running. Services in OSGi can be any 
Java class. OSGi provides numerous use- 
ful services, such as HTTP, Jini, Universal 
Plug and Play (UPnP) processing, XML 
parsing, logging and so forth. Security is 
provided by the Java security model. 

In sum, OSGI provides a complete 
container for running multiple applica- 
tions within the same JVM, as well as a 
simple component model that makes 
development easy. OSGi itself consists 
of a few JAR files that can be down- 
loaded from the group's Web site. I think 
its appearance in Eclipse 3.0 is just the 
beginning of a much wider adoption — 
due to its clean, effective design and lack 
of complexity. I 

Andrew Binstock is the principal analyst 
at Pacific Data Works LLC. 
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A Little Language Talk 



A mini-theme of this column recently 
has been "little languages," solu- 
tions that may not combine the flexibili- 
ty, familiarity and approachability that 
characterize (one hopes) mainstream 
languages, but that provide, within your 
particular area of interest, great advan- 
tages. The phrase "little languages" 
comes from one oi the most influential 
articles of the 1980s, written by Jon 
Bentley in 1986. In it he showed how 
"examining programs under a linguistic 
light can give you a better understanding 
of the tools you now use, and can teach 
you design principles for building ele- 
gant interfaces to your future programs." 

The article, available at portal. acm 
.org/citation.cfm?id=315691, presents 
elegant graphics-producing programs in a 
fraction of the space they'd require with 
any of today's mainstream languages. 
Although Bentley's article caused a sensa- 
tion, "the linguistic light" was drowned 
out by the blazing arrival of event-driven 
GUIs, object-oriented programming and 
the World Wide Web. 

A fundamental premise of .NET is that 
a platform that is explicitly designed to 
support multiple languages and program- 
ming approaches is superior to a platform, 
notably Java, whose design is dominated 
by the needs of a single language. 



I am convinced that Microsoft is sin- 
cere in trying to give the .NET managed 
platform as much flexibility as possible, 
albeit for the purely mercenary purpose 
of being in a position to exploit advances 
as they enter the mainstream. 

Whitehorse, IronPython, F#, XAML, 
Ceo... these are hardly the "master in a 
day, implement in a few" lan- 
guages proposed by Bentley. 
Coo, in particular, should not 
be attempted without first 
wrapping your head in duct 
tape so as to prevent your 
skull from exploding. 

We'll revisit Ceo in future 
columns; it's a fascinating lan- 
guage whose features may be 
incorporated in mainstream 
languages such as C# and 
VB.NET in the post-Longhorn time 
frame (emphasis on "may"), but for now 
suffice it to say that it's a language that 
integrates the worlds of objects, SQL 
and XML on the premise that program- 
mers have to deal with all three anyway. 

However, at OOPSLA in Vancouver, 
Microsoft announced an SDK for creating 
domain-specific languages and a toolkit 
powered by the Whitehorse visual design- 
er. For those of us with a traditionalist 
bent toward text, Python and OCaml are 




particularly apt for implementing parsers. 
So Microsoft appears to be slipping all the 
blocks into place to support a resurgence 
in user-created little languages. 

The great bugaboo of little languages is 
that a casually written interpreter is an 
efficiency nightmare. Bentley tells a stoiy 
of an ATM that was overrunning its 28K 
of storage that was made three 
times more efficient by a 
switch to a little language 
interpreter. Yes, 28 kilobytes — 
and a processor that undoubt- 
edly had a clock in the neigh- 
borhood of a single kilohertz. 
O, efficiency! When will we 
learn that the keys to running 
light and tight are held in our 
own hands? 

My main concern with 
developing a little language in a corporate 
environment to express, say, pricing rules 
or customer-billing options, is that while it 
should ease the evolution of business 
rules expressed in the little language, die 
technical wherewithal to evolve the inter- 
preter itself is a rare commodity. The only 
thing worse than having an unproductive 
team is having a team whose productivity 
depends on a single person. 

I wish that the risk of embracing a lit- 
tle language could be entirely mitigated, 



but that's not the case. Implementing 
even a tiny language is likely to be tied in 
to the peculiarities of a tool set, even 
when using the best modern tools, and is 
likely to be "quirky" since language 
implementation is probably one of the 
most creative programming tasks that 
one can undertake. Also, even more 
than most corporate projects, the deliv- 
erables of a little language project must 
include large amounts of non-source- 
code artifacts (indeed, I would insist on 
unit tests that exercise a clean and auto- 
mated build process from grammar 
change to runtime results). 

On the other hand, Bentley's vision of 
a little language is one that can be imple- 
mented in a few days. Even assuming 
that's an optimistic time frame, a good 
team should be able to afford a little lan- 
guage prototype as long as they aren't 
simultaneously learning a new language 
and a new tool set. 

The benefits of a little language can 
be dramatic — the type of highly visible 
project that delivers a true competitive 
edge. With the broad functionality of the 
Base Class Library, the approachable 
System. Beflection. Emit namespace, and 
the emerging options in implementation 
languages and tools, the time may have 
come to rekindle the linguistic light. I 

Larry O'Brien is a technology consultant 
and analyst, and the founding editor of 
Software Development Magazine. 
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The Shopping Cart Steamrolls 



Industry Watch 



1 



Online retail sales are expected to 
grow to US$144 billion this year, 
according to shop.org, an arm of the 
National Retail Federation that moni- 
tors such things. If that's not staggering 
in its own right, consider that six years 
ago, in 1998, the first year shop.org 
tracked online retailing, sales were at 
$14.9 billion. And six years before that, 
it's safe to say, online retailing 
did not even exist. 

It is believed the first 
online transaction occurred 
10 years ago this past August. 
Also 10 years ago, the World 
Wide Web Consortium came 
into being. That's the body 
most responsible for the 
standards and protocols 
upon which the Web is 
based. And after a slow start, 
there appears to be no stopping the 
shopping cart. 

Part of the reason for the slow start 
was security — people at first did not 
trust the fact that their credit-card infor- 
mation would remain secure. They were 
scared by stories of hackers stealing 
their numbers literally out of thin air and 
running up huge charges. And remem- 
ber the adult entertainment purveyors 
who were caught by the Federal Trade 
Commission for fraudulently billing 
credit cards and had to make some $30 
million in restitution? In short, trust was 
not high. 

Then there were issues with the Web 
itself. A medium designed for presenting 
pages now was being asked to show items 
in different colors and with different fea- 
tures, complete sales transactions, and 
connect vacationers with rental cars, 
flights and hotels. The presentation layer 
was rudimentary, there were reliability 
and compatibility issues, and the back- 
end hooks hadn't been written yet. Fur- 




ther, companies hadn't yet figured out a 
good model for what to sell, or how to 
sell it, because in their estimation, there 
just wasn't enough traffic on the Web to 
warrant significant investments in 
online retailing. 

Once those hurdles were cleared 
through the use of industry standards 
regarding security, data access and Web 
application presentation, and 
through the innovative contri- 
butions of many of the dot- 
com companies that no longer 
exist today, significant num- 
bers of people began to take 
advantage of staying home to 
shop. And businesses realized 
the importance of providing 
customers with a friendly, 
interactive experience. 

Scott Silverman, executive 
of shop.org, had a simpler 
explanation, though. "People just need- 
ed to get comfortable making a transac- 
tion a new way," he said. 

Just as customers needed to grow into 
the idea of purchasing goods and services 
over their computer, businesses needed 
to get comfortable, too. "Our first Inter- 
net experience was on the supply side," 
said Rich Donaldson, a spokesman for 
outdoors clothing and equipment retail- 
er L.L.Bean in Freeport, Maine. "We 
were using the Internet for product pro- 
curement right down to where the cotton 
is grown. And we saw how the Web 
would apply to the business." 

Different types of businesses have 
used the Web in different ways. For 
brick-and-mortar retailers, the Web 
offered an opportunity to cut marketing, 
staffing and real estate costs while still 
offering a complete catalog of its goods. 
For hotels and airlines, it meant reduc- 
ing call-center staffing dramatically and 
letting travelers choose their own flights 



and rooms. For mail-order companies, 
the Web cut mail and printing costs, and 
helped the companies truly zero in on 
their customers' purchasing habits. 

L.L.Bean at first thought technolog- 
ical advances would simply result in 
putting its famous catalog onto a CD- 
ROM. Then, the company launched its 
Web site in 1995, and took its first live 
orders in 1996. "The pages on the Web 
at first were for people to browse but 
not to transact. We wanted it to reduce 
our dependency on paper," Donaldson 
explained. 

Online transactions certainly are 
working now. This year, sales from the 
Web will make up 6.6 percent of all 
retail sales; that figure was 3.6 percent in 
2002, according to the shop. org/For- 
rester Research report titled "The State 
of Retailing Online." Further, 79 per- 
cent of retailers reported positive oper- 
ating margins from their Web business- 
es, while online sales now account for 
more than 5 percent of all sales in 12 
retail categories, up from nine cate- 
gories in 2003. 

At L.L.Bean, the Web is the compa- 
ny's fastest growth channel, Donaldson 
said, and he expects Web sales to over- 
take catalog sales in the next year or two. 

There is, however, an intrinsic value 
of the catalog as a resource, he added. 
"You don't have to plug it in, and it 
doesn't matter if you drop it, and it comes 
to your home. It's in your face as an impor- 
tant reminder." The goal for L.L.Bean, 
he said, is to split die business into thirds 
by channel: catalog, Web and stores. 

It will be interesting to see in the next 
10 years what standards will emerge, and 
how businesses will incorporate those 
standards into applications that bring in 
customers, satisfy them and increase the 
likelihood that they will, as the signs in the 
store windows say, "come back soon." I 

NEXT WHERE DO WE GO 
FROM HERE? 

David Rubinstein is editor of SD Times. 



BUSINESS BR 



NOVELL, MICROSOFT SETTLE ONE, 
BEGIN FIGHT OVER ANOTHER 

Novell Inc. and Microsoft Corp. last month 
agreed to settle claims regarding Novell's Net- 
Ware operating system for US$536 million, but 
Novell indicated it would go forward with 
another antitrust suit against Microsoft, claim- 
ing its WordPerfect software business was 
irreparably harmed. 

"We are pleased that we have been able to 
resolve a portion of our pending legal issues 
with Microsoft," Joseph A. LaSala, Jr., Novell's 
senior vice president and general counsel, said 
in a statement. "This is a significant settle- 
ment, particularly since we were able to 
achieve our objectives without filing expensive 
litigation. While we have agreed to withdraw 
from the EU case, we think our involvement 



there has been useful, as it has assisted the 
European proceedings and facilitated a favor- 
able settlement with Microsoft." 

LaSala continued, "We regret that we can- 
not make a similar announcement regarding 
our antitrust claims associated with the Word- 
Perfect business." 

Novell is seeking unspecified damages 
because it claims Microsoft tried to eliminate 
competition by bundling its office productivity 
applications with the operating system, and is 
basing its suit on the U.S. government's suc- 
cessful case against Microsoft that showed 
Microsoft had a monopoly on PC desktop oper- 
ating systems. 

— David Rubinstein 



Business performance management software vendor Hyperion Solu- 
tions Corp. and enterprise integration solutions company MetaMatrix 
Inc. have signed a partnership deal that will bring Hyperion's analytic 
and reporting capabilities to the MetaMatrix integration platform, cre- 
ating more of an enterprise solution than MetaMatrix offered previ- 
ously. The companies are working initially in the U.K. and in Ireland. 

EARNINGS: BEA Systems Inc. reported revenue of US$264.4 mil- 
lion for its fiscal third guarter 2003, ended Oct. 31. That is a 5 percent 
increase from the same period a year ago. On a GAAP basis, BEA 
reported net income of $33.5 million for the guarter (8 cents per dilut- 
ed share), up 15 percent from 2003. For the third guarter, BEA report- 
ed license revenue of $114.9 million, as compared with $128.2 million a 
year ago and $116.3 million in the second guarter. "Our top priority is 
to grow license revenue. We made significant progress during the 
guarter on several new business initiatives that are designed to drive 
new license revenue opportunities," Alfred Chuang, BEA's founder, 
chairman and CEO, said in a statement. I 



CALK DAK OF EVENT* 



Oracle OpenWorld Dec. 5-10 

San Francisco 
ORACLE CORP. 

www.oracle.com/openworld/sanfrancisco/conference 

Software Test Dec. 7-9 

& Performance Conference 

Baltimore 
BZ MEDIA LLC 

www.stpcon.com 



Macworld Conference 
SExpo 

San Francisco 

IDG WORLD EXPO CORP. 

www.macworldexpo.com/live/20 



Jan. 10-14 



OSDL Enterprise 
Linux Summit 

Burlingame, Calif. 

OPEN SOURCE DEVELOPMENT LABS INC. 

www.osdllinuxsummit.org 



Jan. 31-Feb. 2 



Web Services 
On Wall Street 

New York 

FLAGG MANAGEMENT INC. 

& LIGHTHOUSE PARTNERS INC. 

www.webservicesonwallstreet.com 



Feb. 1-2 



VSLive Feb. 6-10 

San Francisco 

FAWCETTE TECHNICAL PUBLICATIONS 

www.ftponline.com/conferences/vslive/2005/sf 



LinuxWorld Conference Feb. 14-17 
& Expo 

Boston 


IDG WORLD EXPO CORP. 




www.linuxworldexpo.com 




Web Services Edge 
2005 East 


Feb. 15-17 


Boston 




SYS-CON MEDIA INC. 

sys-con.com/edge2005east 




SHARE 


Feb. 27-March 4 


Anaheim 




IBM CORP. 




www.share.org 




EclipseCon Feb. 28-March 3 

Burlingame, Calif. 

ECLIPSE.ORG 

www.eclipse.org/eclipsecon2005/eclipsecon.html 


Embedded Systems 
Conference 


March 6-10 


San Francisco 




CMP MEDIA LLC 

www.esconline.com/sf/index.htm 




Developer 
Relations Conference 


March 7-8 


San Jose 




EVANS DATA CORP. 

www.evansdata.com/drc 





For a more complete calendar of U.S. software devel- 
opment events, see www.bzmedia.com/calendar. 
Information is subject to change. Send news about 
upcoming events to events@bzmedia.com. 



3D TIMES WCB SEMINARS 



From File Box Dec. 8 

To Sarbox 

Time: 10 a.m. Pacific (1 p.m. Eastern) 
SERENA SOFTWARE INC. AND SD TIMES 

sdtimes.unisfair.com 

For a more complete calendar of SD Times Web 
Seminars, see www.sdtimes.com/seminar.htm. 
Registration is free. 
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The Fastest and Easiest Way to Deliver feature-Rich .NET 
Framework Solutions to Your Customers 



Deueloper Express Technologies help you build ipr best, reduce rhe amount of code qou 
write, increase ijour pfoducriuirij. and create stunning applications for Uindouis® and the 

Web in the shortest possible rime... 

To learn more about our tools and how rheij can significantly impact i|our bottom-line uisir 

us online at ujiuui.deueKpress.com 

Productivity Tools 

CodeRusb is a powerful editor add-^n for Visual SludJo® .NET Crease more code with fewer 
Keystrokes, see complex software with clarity, and design forms with ease. Say goodbye to 

^ drudgery and get ready to become tjhe programming superhero that yon always know you 

t could be- 
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Reporting 



A comprehensive roporimc p-'aiform for Windows® and the Web, Xtrafloports is fully mtcgra-od 
Into the Visual Studio® .NET IDE and sets the standard Tot easc-af-uso end flexibility. "iV th 
XtraReports, you nover have to cringe at the Jhptight of having to de*»gn a report agem! 



Visual Components 



To bultd stunning and f a* ota applications, you need feature compfete components... Ones thai 
wonV as expected, each and every time. Our complete range of visual components will help you 
emulate today's most popular Ills wtltiou! hassles or aggravation. L-ke all of our tools, our 
components were written in Visual C* 11 * and fully ophmized for the -NET Framework and sl| 
NET languages- 



ersistentfltiiecisl 



'. Apptication Development Framework 

xpd represents a powerful bridge between the true object world and relational databases, tl 
gives developers the freedom to build true business objects without having to deal with the 
tedious complexifies of mapping them onto individual database tables. 




I~l icrasopr . UisLal 3tudiQ.NET, Uindotus, and Uisual G = are either registered 

rrarJemafhs or rrademarks of Mcmsufi Corporation in rhe United States and/or other countries. 
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Go-CcjEm 



uiLiiiij.deijeKpress.JJDm 



Change. Your Pre 







J 



What will happen when X leads, to Y7 Is Y a place it can even get to? Predictability is about 

making an educated, albeit blind guess, right? Not necessarily. Enter Serena: Conquering 

the unknown with the industry's most complete line of change management software. You'll be 

able to say "The unexpected? Yeah, J totally saw that coming," The new Leader in change 

management is here, increasing your predictability, 
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From tha makora of laamTraek* ChanoeMan" DimenslofiaTand PVCS* come a, a new laval of predictability. Leant mora at marefta.com/piorJiciahHlty 
Geptrtrtrt SOW. Somna. AJ" "ihre rngnntl. Ssira. T«rnriart gn^ ctanaRta* tpv iop5is - pd T'rtKiwrtj at Sb^m Satan**, Hid (Hmmtfoni ta * Indnnifc ind IVCS m-t ragtanred mdcffl of rAram, 



